Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-29324 (GCVE-0-2023-29324)
Vulnerability from cvelistv5 – Published: 2023-05-09 17:03 – Updated: 2025-07-10 16:38
VLAI?
EPSS
Title
Windows MSHTML Platform Security Feature Bypass Vulnerability
Summary
Windows MSHTML Platform Security Feature Bypass Vulnerability
Severity ?
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
23 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.17763.0 , < 10.0.17763.4377
(custom)
|
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.0 , < 10.0.17763.4377
(custom)
|
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.17763.0 , < 10.0.17763.4377
(custom)
|
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.17763.0 , < 10.0.17763.4377
(custom)
|
|
| Microsoft | Windows Server 2022 |
Affected:
10.0.20348.0 , < 10.0.20348.1726
(custom)
|
|
| Microsoft | Windows 10 Version 20H2 |
Affected:
10.0.0 , < 10.0.19042.2965
(custom)
|
|
| Microsoft | Windows 11 version 21H2 |
Affected:
10.0.0 , < 10.0.22000.1936
(custom)
|
|
| Microsoft | Windows 10 Version 21H2 |
Affected:
10.0.19043.0 , < 10.0.19044.2965
(custom)
|
|
| Microsoft | Windows 11 version 22H2 |
Affected:
10.0.22621.0 , < 10.0.22621.1702
(custom)
|
|
| Microsoft | Windows 10 Version 22H2 |
Affected:
10.0.19045.0 , < 10.0.19045.2965
(custom)
|
|
| Microsoft | Windows 10 Version 1507 |
Affected:
10.0.10240.0 , < 10.0.10240.19926
(custom)
|
|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.5921
(custom)
|
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.14393.0 , < 10.0.14393.5921
(custom)
|
|
| Microsoft | Windows Server 2016 (Server Core installation) |
Affected:
10.0.14393.0 , < 10.0.14393.5921
(custom)
|
|
| Microsoft | Windows Server 2008 Service Pack 2 |
Affected:
6.0.6003.0 , < 6.0.6003.22070
(custom)
|
|
| Microsoft | Windows Server 2008 Service Pack 2 (Server Core installation) |
Affected:
6.0.6003.0 , < 6.0.6003.22070
(custom)
|
|
| Microsoft | Windows Server 2008 Service Pack 2 |
Affected:
6.0.6003.0 , < 6.0.6003.22070
(custom)
|
|
| Microsoft | Windows Server 2008 R2 Service Pack 1 |
Affected:
6.1.7601.0 , < 6.1.7601.26519
(custom)
|
|
| Microsoft | Windows Server 2008 R2 Service Pack 1 (Server Core installation) |
Affected:
6.1.7601.0 , < 6.1.7601.26519
(custom)
|
|
| Microsoft | Windows Server 2012 |
Affected:
6.2.9200.0 , < 6.2.9200.24266
(custom)
|
|
| Microsoft | Windows Server 2012 (Server Core installation) |
Affected:
6.2.9200.0 , < 6.2.9200.24266
(custom)
|
|
| Microsoft | Windows Server 2012 R2 |
Affected:
6.3.9600.0 , < 6.3.9600.20969
(custom)
|
|
| Microsoft | Windows Server 2012 R2 (Server Core installation) |
Affected:
6.3.9600.0 , < 6.3.9600.20969
(custom)
|
Date Public ?
2023-05-09 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Windows MSHTML Platform Security Feature Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.4377",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.4377",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.4377",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.4377",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.1726",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 20H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19042.2965",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 11 version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22000.1936",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.2965",
"status": "affected",
"version": "10.0.19043.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22621.1702",
"status": "affected",
"version": "10.0.22621.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"ARM64-based Systems",
"32-bit Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.2965",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1507",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.19926",
"status": "affected",
"version": "10.0.10240.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.5921",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.5921",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.5921",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems"
],
"product": "Windows Server 2008 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.6003.22070",
"status": "affected",
"version": "6.0.6003.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.6003.22070",
"status": "affected",
"version": "6.0.6003.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.6003.22070",
"status": "affected",
"version": "6.0.6003.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 R2 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.1.7601.26519",
"status": "affected",
"version": "6.1.7601.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.1.7601.26519",
"status": "affected",
"version": "6.1.7601.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.24266",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.24266",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.20969",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.20969",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.4377",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.17763.4377",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.4377",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.4377",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.1726",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19042.2965",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22000.1936",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.2965",
"versionStartIncluding": "10.0.19043.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22621.1702",
"versionStartIncluding": "10.0.22621.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.2965",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.10240.19926",
"versionStartIncluding": "10.0.10240.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.5921",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.5921",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.5921",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.0.6003.22070",
"versionStartIncluding": "6.0.6003.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.0.6003.22070",
"versionStartIncluding": "6.0.6003.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "6.0.6003.22070",
"versionStartIncluding": "6.0.6003.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.1.7601.26519",
"versionStartIncluding": "6.1.7601.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.1.7601.26519",
"versionStartIncluding": "6.1.7601.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.24266",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.24266",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.20969",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.20969",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-05-09T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Windows MSHTML Platform Security Feature Bypass Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T16:38:58.819Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows MSHTML Platform Security Feature Bypass Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324"
}
],
"title": "Windows MSHTML Platform Security Feature Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-29324",
"datePublished": "2023-05-09T17:03:02.455Z",
"dateReserved": "2023-04-04T22:34:18.377Z",
"dateUpdated": "2025-07-10T16:38:58.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-29324",
"date": "2026-05-24",
"epss": "0.01873",
"percentile": "0.83357"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.10240.19926\", \"matchCriteriaId\": \"0855C3A7-36C3-4398-9208-1FC8A02F40D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.14393.5921\", \"matchCriteriaId\": \"BAB00F09-4CCF-4AB6-85CE-07298A21C1D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.17763.4377\", \"matchCriteriaId\": \"DAF1C808-45D2-4C43-81F0-0E3DC697A31A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.19042.2965\", \"matchCriteriaId\": \"8B7C959F-A277-4B18-B7D8-6CC8A5D01469\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.19044.2965\", \"matchCriteriaId\": \"B1DB7F7A-A2CA-462C-A75C-A6739899C14B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.19045.2965\", \"matchCriteriaId\": \"A7450AB6-B09E-4C37-82FD-274675C0F8AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.22000.1936\", \"matchCriteriaId\": \"7E42EF0F-F78C-49E8-BC26-09AF1C0730E0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.22000.1702\", \"matchCriteriaId\": \"C8267EF4-E3E6-4FA1-8090-965AE770B313\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F422A8C-2C4E-42C8-B420-E0728037E15C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"2ACA9287-B475-4AF7-A4DA-A7143CEF9E57\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB18C4CE-5917-401E-ACF7-2747084FD36E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"821614DD-37DD-44E2-A8A4-FE8D23A33C3C\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Windows MSHTML Platform Security Feature Bypass Vulnerability\"}]",
"id": "CVE-2023-29324",
"lastModified": "2024-11-21T07:56:52.040",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"secure@microsoft.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 2.5}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 2.5}]}",
"published": "2023-05-09T18:15:13.607",
"references": "[{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secure@microsoft.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-73\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-29324\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2023-05-09T18:15:13.607\",\"lastModified\":\"2024-11-21T07:56:52.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Windows MSHTML Platform Security Feature Bypass Vulnerability\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-73\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.10240.19926\",\"matchCriteriaId\":\"0855C3A7-36C3-4398-9208-1FC8A02F40D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.14393.5921\",\"matchCriteriaId\":\"BAB00F09-4CCF-4AB6-85CE-07298A21C1D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.17763.4377\",\"matchCriteriaId\":\"DAF1C808-45D2-4C43-81F0-0E3DC697A31A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19042.2965\",\"matchCriteriaId\":\"8B7C959F-A277-4B18-B7D8-6CC8A5D01469\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19044.2965\",\"matchCriteriaId\":\"B1DB7F7A-A2CA-462C-A75C-A6739899C14B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19045.2965\",\"matchCriteriaId\":\"A7450AB6-B09E-4C37-82FD-274675C0F8AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.22000.1936\",\"matchCriteriaId\":\"7E42EF0F-F78C-49E8-BC26-09AF1C0730E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.22000.1702\",\"matchCriteriaId\":\"C8267EF4-E3E6-4FA1-8090-965AE770B313\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F422A8C-2C4E-42C8-B420-E0728037E15C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2ACA9287-B475-4AF7-A4DA-A7143CEF9E57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB18C4CE-5917-401E-ACF7-2747084FD36E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"821614DD-37DD-44E2-A8A4-FE8D23A33C3C\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2023-ALE-002
Vulnerability from certfr_alerte - Published: - Updated:
[mise à jour du 11 mai 2023] Possibilité de contournement du correctif proposé par l'éditeur par le biais de la CVE-2023-29324
[mise à jour du 20 avril 2023] clarification de la recommandation pour le filtrage du flux SMB
[mise à jour du 29 mars 2023] complément d'information et
recommandation
En date du 14 mars 2023, lors de sa mise à jour mensuelle, Microsoft a indiqué l'existence d'une vulnérabilité CVE-2023-23397 affectant diverses versions du produit Outlook pour Windows qui permet à un attaquant de récupérer le condensat Net-NTLMv2 (new technology LAN manager).
Microsoft indique que cette vulnérabilité est activement exploitée dans le cadre d'attaques ciblées. Par ailleurs, le CERT-FR a connaissance d'une première preuve de concept publique (non encore qualifiée).
La vulnérabilité ne requiert pas d'intervention de l'utilisateur. Elle est déclenchée lorsqu'un attaquant envoie un message contenant un lien UNC (Universal Naming Convention) vers une ressource partagée en SMB hébergée sur un serveur qui serait sous contrôle de l'attaquant. Durant la connexion SMB au serveur malveillant, le message d’authentification NTLM pour la négociation de l'authentification est envoyé, l'attaquant peut ainsi le relayer auprès d'autres services supportant ce type d'authentification pour obtenir un accès valide.
L'éditeur indique que les version d'Outlook pour Android, iOS, Mac, mais aussi la version web et les services M365 ne sont pas vulnérables.
Microsoft a publié un code Powershell et une documentation permettant de vérifier si un système a été la cible d'une attaque. Le script remonte les courriels, tâches et invitations de calendrier pointant vers un partage potentiellement non-maîtrisé. Ces éléments doivent être passés en revue afin de déterminer leur légitimité et, dans le cas contraire, ils doivent faire l'objet d'une investigation (contrôler l'existence de connexions sortantes associées, lister les connexions réalisées à l'aide du compte utilisateur, etc.) pour prendre les mesures de remédiation appropriées.
[mise à jour du 20 avril 2023] Le 24 mars 2023, Microsoft a publié un guide d'investigation documentant les différents contrôles à mener et les indicateurs de compromission à chercher. Il convient de noter que ce guide apporte plusieurs éléments techniques qui sont également à prendre en compte :
- Pour prévenir une exploitation menée par un attaquant utilisant une machine distante pour collecter les condensats Net-NTLMv2, il convient d'interdire les flux SMB en sortie du système d'information (TCP/445). Cette règle s'impose également aux postes nomades, dont les flux doivent être sécurisés (cf. les règles R16 à R18 du guide ANSSI pour le nomadisme numérique [2]).
- La mise à jour de sécurité de Microsoft Exchange Server du mois de mars 2023 permet de prévenir l'exploitation de la vulnérabilité en supprimant automatiquement les courriels dont la propriété PidLidReminderFileParameter est définie. Ce correctif ne corrige pas la vulnérabilité intrinsèque au client Outlook mais empêche son exploitation.
[mise à jour du 11 mai 2023] Le 9 mai, Microsoft a publié un correctif pour une vulnérabilité dont l'identifiant est CVE-2023-29324. Cette vulnérabilité permet de continuer à exploiter la vulnérabilité CVE-2023-23397 avec un lien UNC spécialement construit par l'attaquant [3] si le correctif de sécurité de mars 2023 pour les serveurs Microsoft Exchange n'a pas été appliqué (cf. la mise à jour de l'alerte du 20 avril).
Afin de respecter le principe de défense en profondeur, le CERT-FR recommande d'appliquer la mise à jour de mai 2023 (correction de la vulnérabilité CVE-2023-29324).
Solution
Le CERT-FR recommande fortement d’appliquer la mise à jour fournie par Microsoft, se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
[mise à jour du 29 mars 2023] Le CERT-FR recommande fortement d'appliquer la mise à jour de sécurité de mars 2023 pour Microsoft Exchange Server.
[mise à jour du 29 mars 2023] Le CERT-FR recommande fortement d'appliquer les mises à jour de sécurité de mars et de mai 2023 pour Microsoft Exchange Server.
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | N/A | Microsoft 365 Apps pour Entreprise pour systèmes 32 bits | ||
| Microsoft | N/A | Microsoft 365 Apps pour Entreprise pour systèmes 64 bits | ||
| Microsoft | N/A | Microsoft Outlook 2013 RT Service Pack 1 | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | N/A | Microsoft Outlook 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | N/A | Microsoft Outlook 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | N/A | Microsoft Outlook 2016 (édition 64 bits) | ||
| Microsoft | N/A | Microsoft Outlook 2016 (édition 32 bits) |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Entreprise pour syst\u00e8mes 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Entreprise pour syst\u00e8mes 64 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2013 RT Service Pack 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2016 (\u00e9dition 64 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2016 (\u00e9dition 32 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"closed_at": "2023-07-26",
"content": "## Solution\n\nLe CERT-FR recommande fortement d\u2019appliquer la mise \u00e0 jour fournie par\nMicrosoft, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour\nl\u0027obtention des correctifs (cf. section Documentation).\n\n**\\[mise \u00e0 jour du 29 mars 2023\\]** Le CERT-FR recommande fortement\nd\u0027appliquer la mise \u00e0 jour de s\u00e9curit\u00e9 de mars 2023 pour Microsoft\nExchange Server.\n\n\u003cspan style=\"color: #ff0000;\"\u003e**\\[mise \u00e0 jour du 29 mars 2023\\]**\u003c/span\u003e\nLe CERT-FR recommande fortement d\u0027appliquer les mises \u00e0 jour de s\u00e9curit\u00e9\nde mars \u003cu\u003eet\u003c/u\u003e de mai 2023 pour Microsoft Exchange Server.\n",
"cves": [
{
"name": "CVE-2023-23397",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23397"
},
{
"name": "CVE-2023-29324",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29324"
}
],
"links": [
{
"title": "[3] Billet de blog du d\u00e9couvreur de la CVE-2023-29324",
"url": "https://www.akamai.com/blog/security-research/important-outlook-vulnerability-bypass-windows-api"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23397 du 14 mars 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397"
},
{
"title": "Documentation et code Powershell fournis par Microsoft pour l\u0027identification de compromission",
"url": "https://aka.ms/CVE-2023-23397ScriptDoc"
},
{
"title": "[2] Guide ANSSI pour le nomadisme num\u00e9rique",
"url": "https://www.ssi.gouv.fr/guide/recommandations-sur-le-nomadisme-numerique/"
},
{
"title": "Avis CERTFR-2023-AVI-0231 du 15 mars 2023",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2023-AVI-0231/"
},
{
"title": "Les bons r\u00e9flexes en cas d\u2019intrusion sur un syst\u00e8me d\u2019information",
"url": "https://www.cert.ssi.gouv.fr/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/"
},
{
"title": "Avis CERTFR-2023-AVI-0234 du 15 mars 2023",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2023-AVI-0234/"
}
],
"reference": "CERTFR-2023-ALE-002",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-15T00:00:00.000000"
},
{
"description": "Clarifications mineures",
"revision_date": "2023-03-16T00:00:00.000000"
},
{
"description": "clarification de la recommadation pour le filtrage du flux SMB",
"revision_date": "2023-04-20T00:00:00.000000"
},
{
"description": "Ajout d\u0027informations concernant la vuln\u00e9rabilit\u00e9 CVE-2023-29324",
"revision_date": "2023-05-11T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "\u003cspan style=\"color: #ff0000;\"\u003e\u003cstrong\u003e\\[mise \u00e0 jour du 11 mai 2023\\]\nPossibilit\u00e9 de contournement du correctif propos\u00e9 par l\u0027\u00e9diteur par le\nbiais de la CVE-2023-29324\u003c/strong\u003e\u003c/span\u003e\n\n\u003cstrong\u003e\\[mise \u00e0 jour du 20 avril 2023\\] clarification de la recommandation\npour le filtrage du flux SMB\u003c/strong\u003e\n\n\u003cstrong\u003e\\[mise \u00e0 jour du 29 mars 2023\\] compl\u00e9ment d\u0027information et\nrecommandation \n\u003c/strong\u003e\n\nEn date du 14 mars 2023, \u003cspan class=\"mx_EventTile_body\" dir=\"auto\"\u003elors\nde sa mise \u00e0 jour mensuelle\u003c/span\u003e, Microsoft a indiqu\u00e9 l\u0027existence\nd\u0027une vuln\u00e9rabilit\u00e9 CVE-2023-23397 affectant diverses versions du\nproduit Outlook pour Windows qui permet \u00e0 un attaquant \u003cspan\nclass=\"mx_EventTile_body\" dir=\"auto\"\u003ede r\u00e9cup\u00e9rer le condensat\n\u003c/span\u003e*Net-NTLMv2* (*new technology LAN manager*).\n\nMicrosoft indique que cette vuln\u00e9rabilit\u00e9 est activement exploit\u00e9e dans\nle cadre d\u0027attaques cibl\u00e9es. Par ailleurs, le CERT-FR a connaissance\nd\u0027une premi\u00e8re preuve de concept publique (non encore qualifi\u00e9e).\n\nLa vuln\u00e9rabilit\u00e9 ne requiert pas d\u0027intervention de l\u0027utilisateur. Elle\nest d\u00e9clench\u00e9e lorsqu\u0027un attaquant envoie un message contenant un\nlien\u00a0*UNC* (*Universal Naming Convention*) vers une ressource partag\u00e9e\nen *SMB* h\u00e9berg\u00e9e sur un serveur qui serait sous contr\u00f4le de\nl\u0027attaquant. Durant la connexion *SMB* au serveur malveillant, le \u003cspan\nclass=\"mx_EventTile_body\" dir=\"auto\"\u003emessage d\u2019authentification\u003c/span\u003e\n*NTLM* pour la n\u00e9gociation de l\u0027authentification est envoy\u00e9, l\u0027attaquant\npeut ainsi le relayer aupr\u00e8s d\u0027autres services supportant ce type\nd\u0027authentification pour obtenir un acc\u00e8s valide.\n\nL\u0027\u00e9diteur indique que les version d\u0027Outlook pour Android, iOS, Mac, mais\naussi la version web et les services M365 ne sont pas vuln\u00e9rables.\n\nMicrosoft a publi\u00e9 un code Powershell et une documentation permettant de\nv\u00e9rifier si un syst\u00e8me a \u00e9t\u00e9 la cible d\u0027une attaque. Le script remonte\nles courriels, t\u00e2ches et invitations de calendrier pointant vers un\npartage potentiellement non-ma\u00eetris\u00e9. Ces \u00e9l\u00e9ments doivent \u00eatre pass\u00e9s\nen revue afin de d\u00e9terminer leur l\u00e9gitimit\u00e9 et, dans le cas contraire,\nils doivent faire l\u0027objet d\u0027une investigation (contr\u00f4ler l\u0027existence de\nconnexions sortantes associ\u00e9es, lister les connexions r\u00e9alis\u00e9es \u00e0 l\u0027aide\ndu compte utilisateur, etc.) pour prendre les mesures de rem\u00e9diation\nappropri\u00e9es.\n\n\u003cstrong\u003e\\[mise \u00e0 jour du 20 avril 2023\\]\u003c/strong\u003e Le 24 mars 2023, Microsoft a publi\u00e9\nun guide d\u0027investigation documentant les diff\u00e9rents contr\u00f4les \u00e0 mener et\nles indicateurs de compromission \u00e0 chercher. Il convient de noter que ce\nguide apporte plusieurs \u00e9l\u00e9ments techniques qui sont \u00e9galement \u00e0 prendre\nen compte :\n\n- Pour pr\u00e9venir une exploitation men\u00e9e par un attaquant utilisant une\n machine distante pour collecter les condensats *Net-NTLMv2*, il\n convient d\u0027interdire les flux *SMB* \u003cu\u003een sortie du syst\u00e8me\n d\u0027information\u003c/u\u003e (TCP/445). Cette r\u00e8gle s\u0027impose \u00e9galement aux\n postes nomades, dont les flux doivent \u00eatre s\u00e9curis\u00e9s (cf. les r\u00e8gles\n R16 \u00e0 R18 du guide ANSSI pour le nomadisme num\u00e9rique \\[2\\]).\n- \u003cspan class=\"mx_EventTile_body markdown-body\" dir=\"auto\"\u003eLa mise \u00e0\n jour de s\u00e9curit\u00e9 de Microsoft Exchange Server du mois de mars 2023\n permet de pr\u00e9venir l\u0027exploitation de la vuln\u00e9rabilit\u00e9 en supprimant\n automatiquement les courriels dont la propri\u00e9t\u00e9\n *PidLidReminderFileParameter* est d\u00e9finie. Ce correctif ne corrige\n pas la vuln\u00e9rabilit\u00e9 intrins\u00e8que au client Outlook mais emp\u00eache son\n exploitation.\u003c/span\u003e\n\n\u003cspan style=\"color: #ff0000;\"\u003e\u003cstrong\u003e\\[mise \u00e0 jour du 11 mai 2023\\]\u003c/strong\u003e\n\u003c/span\u003eLe 9 mai, Microsoft a publi\u00e9 un correctif pour une vuln\u00e9rabilit\u00e9\ndont l\u0027identifiant est CVE-2023-29324. Cette vuln\u00e9rabilit\u00e9 permet de\ncontinuer \u00e0 exploiter la vuln\u00e9rabilit\u00e9 CVE-2023-23397 avec un lien *UNC*\nsp\u00e9cialement construit par l\u0027attaquant \\[3\\] si le correctif de s\u00e9curit\u00e9\nde mars 2023 pour les serveurs Microsoft Exchange n\u0027a pas \u00e9t\u00e9 appliqu\u00e9\n(cf. la mise \u00e0 jour de l\u0027alerte du 20 avril).\n\nAfin de respecter le principe de d\u00e9fense en profondeur, le CERT-FR\nrecommande d\u0027appliquer la mise \u00e0 jour de mai 2023 (correction de la\nvuln\u00e9rabilit\u00e9 CVE-2023-29324).\n\n\u003cspan style=\"color: #ff0000;\"\u003e\u00a0\u003c/span\u003e\n",
"title": "[M\u00e0J] Vuln\u00e9rabilit\u00e9 dans Microsoft Outlook",
"vendor_advisories": [
{
"published_at": null,
"title": "[1] Guide d\u0027investigation Microsoft du 24 mars 2023",
"url": "https://www.microsoft.com/en-us/security/blog/2023/03/24/guidance-for-investigating-attacks-using-cve-2023-23397/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 mars 2023",
"url": null
},
{
"published_at": null,
"title": "Billet de blogue Microsoft du 14 mars 2023",
"url": "https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/"
}
]
}
CERTFR-2023-ALE-002
Vulnerability from certfr_alerte - Published: - Updated:
[mise à jour du 11 mai 2023] Possibilité de contournement du correctif proposé par l'éditeur par le biais de la CVE-2023-29324
[mise à jour du 20 avril 2023] clarification de la recommandation pour le filtrage du flux SMB
[mise à jour du 29 mars 2023] complément d'information et
recommandation
En date du 14 mars 2023, lors de sa mise à jour mensuelle, Microsoft a indiqué l'existence d'une vulnérabilité CVE-2023-23397 affectant diverses versions du produit Outlook pour Windows qui permet à un attaquant de récupérer le condensat Net-NTLMv2 (new technology LAN manager).
Microsoft indique que cette vulnérabilité est activement exploitée dans le cadre d'attaques ciblées. Par ailleurs, le CERT-FR a connaissance d'une première preuve de concept publique (non encore qualifiée).
La vulnérabilité ne requiert pas d'intervention de l'utilisateur. Elle est déclenchée lorsqu'un attaquant envoie un message contenant un lien UNC (Universal Naming Convention) vers une ressource partagée en SMB hébergée sur un serveur qui serait sous contrôle de l'attaquant. Durant la connexion SMB au serveur malveillant, le message d’authentification NTLM pour la négociation de l'authentification est envoyé, l'attaquant peut ainsi le relayer auprès d'autres services supportant ce type d'authentification pour obtenir un accès valide.
L'éditeur indique que les version d'Outlook pour Android, iOS, Mac, mais aussi la version web et les services M365 ne sont pas vulnérables.
Microsoft a publié un code Powershell et une documentation permettant de vérifier si un système a été la cible d'une attaque. Le script remonte les courriels, tâches et invitations de calendrier pointant vers un partage potentiellement non-maîtrisé. Ces éléments doivent être passés en revue afin de déterminer leur légitimité et, dans le cas contraire, ils doivent faire l'objet d'une investigation (contrôler l'existence de connexions sortantes associées, lister les connexions réalisées à l'aide du compte utilisateur, etc.) pour prendre les mesures de remédiation appropriées.
[mise à jour du 20 avril 2023] Le 24 mars 2023, Microsoft a publié un guide d'investigation documentant les différents contrôles à mener et les indicateurs de compromission à chercher. Il convient de noter que ce guide apporte plusieurs éléments techniques qui sont également à prendre en compte :
- Pour prévenir une exploitation menée par un attaquant utilisant une machine distante pour collecter les condensats Net-NTLMv2, il convient d'interdire les flux SMB en sortie du système d'information (TCP/445). Cette règle s'impose également aux postes nomades, dont les flux doivent être sécurisés (cf. les règles R16 à R18 du guide ANSSI pour le nomadisme numérique [2]).
- La mise à jour de sécurité de Microsoft Exchange Server du mois de mars 2023 permet de prévenir l'exploitation de la vulnérabilité en supprimant automatiquement les courriels dont la propriété PidLidReminderFileParameter est définie. Ce correctif ne corrige pas la vulnérabilité intrinsèque au client Outlook mais empêche son exploitation.
[mise à jour du 11 mai 2023] Le 9 mai, Microsoft a publié un correctif pour une vulnérabilité dont l'identifiant est CVE-2023-29324. Cette vulnérabilité permet de continuer à exploiter la vulnérabilité CVE-2023-23397 avec un lien UNC spécialement construit par l'attaquant [3] si le correctif de sécurité de mars 2023 pour les serveurs Microsoft Exchange n'a pas été appliqué (cf. la mise à jour de l'alerte du 20 avril).
Afin de respecter le principe de défense en profondeur, le CERT-FR recommande d'appliquer la mise à jour de mai 2023 (correction de la vulnérabilité CVE-2023-29324).
Solution
Le CERT-FR recommande fortement d’appliquer la mise à jour fournie par Microsoft, se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
[mise à jour du 29 mars 2023] Le CERT-FR recommande fortement d'appliquer la mise à jour de sécurité de mars 2023 pour Microsoft Exchange Server.
[mise à jour du 29 mars 2023] Le CERT-FR recommande fortement d'appliquer les mises à jour de sécurité de mars et de mai 2023 pour Microsoft Exchange Server.
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | N/A | Microsoft 365 Apps pour Entreprise pour systèmes 32 bits | ||
| Microsoft | N/A | Microsoft 365 Apps pour Entreprise pour systèmes 64 bits | ||
| Microsoft | N/A | Microsoft Outlook 2013 RT Service Pack 1 | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | N/A | Microsoft Outlook 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | N/A | Microsoft Outlook 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | N/A | Microsoft Outlook 2016 (édition 64 bits) | ||
| Microsoft | N/A | Microsoft Outlook 2016 (édition 32 bits) |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Entreprise pour syst\u00e8mes 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Entreprise pour syst\u00e8mes 64 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2013 RT Service Pack 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2016 (\u00e9dition 64 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2016 (\u00e9dition 32 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"closed_at": "2023-07-26",
"content": "## Solution\n\nLe CERT-FR recommande fortement d\u2019appliquer la mise \u00e0 jour fournie par\nMicrosoft, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour\nl\u0027obtention des correctifs (cf. section Documentation).\n\n**\\[mise \u00e0 jour du 29 mars 2023\\]** Le CERT-FR recommande fortement\nd\u0027appliquer la mise \u00e0 jour de s\u00e9curit\u00e9 de mars 2023 pour Microsoft\nExchange Server.\n\n\u003cspan style=\"color: #ff0000;\"\u003e**\\[mise \u00e0 jour du 29 mars 2023\\]**\u003c/span\u003e\nLe CERT-FR recommande fortement d\u0027appliquer les mises \u00e0 jour de s\u00e9curit\u00e9\nde mars \u003cu\u003eet\u003c/u\u003e de mai 2023 pour Microsoft Exchange Server.\n",
"cves": [
{
"name": "CVE-2023-23397",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23397"
},
{
"name": "CVE-2023-29324",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29324"
}
],
"links": [
{
"title": "[3] Billet de blog du d\u00e9couvreur de la CVE-2023-29324",
"url": "https://www.akamai.com/blog/security-research/important-outlook-vulnerability-bypass-windows-api"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23397 du 14 mars 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397"
},
{
"title": "Documentation et code Powershell fournis par Microsoft pour l\u0027identification de compromission",
"url": "https://aka.ms/CVE-2023-23397ScriptDoc"
},
{
"title": "[2] Guide ANSSI pour le nomadisme num\u00e9rique",
"url": "https://www.ssi.gouv.fr/guide/recommandations-sur-le-nomadisme-numerique/"
},
{
"title": "Avis CERTFR-2023-AVI-0231 du 15 mars 2023",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2023-AVI-0231/"
},
{
"title": "Les bons r\u00e9flexes en cas d\u2019intrusion sur un syst\u00e8me d\u2019information",
"url": "https://www.cert.ssi.gouv.fr/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/"
},
{
"title": "Avis CERTFR-2023-AVI-0234 du 15 mars 2023",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2023-AVI-0234/"
}
],
"reference": "CERTFR-2023-ALE-002",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-15T00:00:00.000000"
},
{
"description": "Clarifications mineures",
"revision_date": "2023-03-16T00:00:00.000000"
},
{
"description": "clarification de la recommadation pour le filtrage du flux SMB",
"revision_date": "2023-04-20T00:00:00.000000"
},
{
"description": "Ajout d\u0027informations concernant la vuln\u00e9rabilit\u00e9 CVE-2023-29324",
"revision_date": "2023-05-11T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "\u003cspan style=\"color: #ff0000;\"\u003e\u003cstrong\u003e\\[mise \u00e0 jour du 11 mai 2023\\]\nPossibilit\u00e9 de contournement du correctif propos\u00e9 par l\u0027\u00e9diteur par le\nbiais de la CVE-2023-29324\u003c/strong\u003e\u003c/span\u003e\n\n\u003cstrong\u003e\\[mise \u00e0 jour du 20 avril 2023\\] clarification de la recommandation\npour le filtrage du flux SMB\u003c/strong\u003e\n\n\u003cstrong\u003e\\[mise \u00e0 jour du 29 mars 2023\\] compl\u00e9ment d\u0027information et\nrecommandation \n\u003c/strong\u003e\n\nEn date du 14 mars 2023, \u003cspan class=\"mx_EventTile_body\" dir=\"auto\"\u003elors\nde sa mise \u00e0 jour mensuelle\u003c/span\u003e, Microsoft a indiqu\u00e9 l\u0027existence\nd\u0027une vuln\u00e9rabilit\u00e9 CVE-2023-23397 affectant diverses versions du\nproduit Outlook pour Windows qui permet \u00e0 un attaquant \u003cspan\nclass=\"mx_EventTile_body\" dir=\"auto\"\u003ede r\u00e9cup\u00e9rer le condensat\n\u003c/span\u003e*Net-NTLMv2* (*new technology LAN manager*).\n\nMicrosoft indique que cette vuln\u00e9rabilit\u00e9 est activement exploit\u00e9e dans\nle cadre d\u0027attaques cibl\u00e9es. Par ailleurs, le CERT-FR a connaissance\nd\u0027une premi\u00e8re preuve de concept publique (non encore qualifi\u00e9e).\n\nLa vuln\u00e9rabilit\u00e9 ne requiert pas d\u0027intervention de l\u0027utilisateur. Elle\nest d\u00e9clench\u00e9e lorsqu\u0027un attaquant envoie un message contenant un\nlien\u00a0*UNC* (*Universal Naming Convention*) vers une ressource partag\u00e9e\nen *SMB* h\u00e9berg\u00e9e sur un serveur qui serait sous contr\u00f4le de\nl\u0027attaquant. Durant la connexion *SMB* au serveur malveillant, le \u003cspan\nclass=\"mx_EventTile_body\" dir=\"auto\"\u003emessage d\u2019authentification\u003c/span\u003e\n*NTLM* pour la n\u00e9gociation de l\u0027authentification est envoy\u00e9, l\u0027attaquant\npeut ainsi le relayer aupr\u00e8s d\u0027autres services supportant ce type\nd\u0027authentification pour obtenir un acc\u00e8s valide.\n\nL\u0027\u00e9diteur indique que les version d\u0027Outlook pour Android, iOS, Mac, mais\naussi la version web et les services M365 ne sont pas vuln\u00e9rables.\n\nMicrosoft a publi\u00e9 un code Powershell et une documentation permettant de\nv\u00e9rifier si un syst\u00e8me a \u00e9t\u00e9 la cible d\u0027une attaque. Le script remonte\nles courriels, t\u00e2ches et invitations de calendrier pointant vers un\npartage potentiellement non-ma\u00eetris\u00e9. Ces \u00e9l\u00e9ments doivent \u00eatre pass\u00e9s\nen revue afin de d\u00e9terminer leur l\u00e9gitimit\u00e9 et, dans le cas contraire,\nils doivent faire l\u0027objet d\u0027une investigation (contr\u00f4ler l\u0027existence de\nconnexions sortantes associ\u00e9es, lister les connexions r\u00e9alis\u00e9es \u00e0 l\u0027aide\ndu compte utilisateur, etc.) pour prendre les mesures de rem\u00e9diation\nappropri\u00e9es.\n\n\u003cstrong\u003e\\[mise \u00e0 jour du 20 avril 2023\\]\u003c/strong\u003e Le 24 mars 2023, Microsoft a publi\u00e9\nun guide d\u0027investigation documentant les diff\u00e9rents contr\u00f4les \u00e0 mener et\nles indicateurs de compromission \u00e0 chercher. Il convient de noter que ce\nguide apporte plusieurs \u00e9l\u00e9ments techniques qui sont \u00e9galement \u00e0 prendre\nen compte :\n\n- Pour pr\u00e9venir une exploitation men\u00e9e par un attaquant utilisant une\n machine distante pour collecter les condensats *Net-NTLMv2*, il\n convient d\u0027interdire les flux *SMB* \u003cu\u003een sortie du syst\u00e8me\n d\u0027information\u003c/u\u003e (TCP/445). Cette r\u00e8gle s\u0027impose \u00e9galement aux\n postes nomades, dont les flux doivent \u00eatre s\u00e9curis\u00e9s (cf. les r\u00e8gles\n R16 \u00e0 R18 du guide ANSSI pour le nomadisme num\u00e9rique \\[2\\]).\n- \u003cspan class=\"mx_EventTile_body markdown-body\" dir=\"auto\"\u003eLa mise \u00e0\n jour de s\u00e9curit\u00e9 de Microsoft Exchange Server du mois de mars 2023\n permet de pr\u00e9venir l\u0027exploitation de la vuln\u00e9rabilit\u00e9 en supprimant\n automatiquement les courriels dont la propri\u00e9t\u00e9\n *PidLidReminderFileParameter* est d\u00e9finie. Ce correctif ne corrige\n pas la vuln\u00e9rabilit\u00e9 intrins\u00e8que au client Outlook mais emp\u00eache son\n exploitation.\u003c/span\u003e\n\n\u003cspan style=\"color: #ff0000;\"\u003e\u003cstrong\u003e\\[mise \u00e0 jour du 11 mai 2023\\]\u003c/strong\u003e\n\u003c/span\u003eLe 9 mai, Microsoft a publi\u00e9 un correctif pour une vuln\u00e9rabilit\u00e9\ndont l\u0027identifiant est CVE-2023-29324. Cette vuln\u00e9rabilit\u00e9 permet de\ncontinuer \u00e0 exploiter la vuln\u00e9rabilit\u00e9 CVE-2023-23397 avec un lien *UNC*\nsp\u00e9cialement construit par l\u0027attaquant \\[3\\] si le correctif de s\u00e9curit\u00e9\nde mars 2023 pour les serveurs Microsoft Exchange n\u0027a pas \u00e9t\u00e9 appliqu\u00e9\n(cf. la mise \u00e0 jour de l\u0027alerte du 20 avril).\n\nAfin de respecter le principe de d\u00e9fense en profondeur, le CERT-FR\nrecommande d\u0027appliquer la mise \u00e0 jour de mai 2023 (correction de la\nvuln\u00e9rabilit\u00e9 CVE-2023-29324).\n\n\u003cspan style=\"color: #ff0000;\"\u003e\u00a0\u003c/span\u003e\n",
"title": "[M\u00e0J] Vuln\u00e9rabilit\u00e9 dans Microsoft Outlook",
"vendor_advisories": [
{
"published_at": null,
"title": "[1] Guide d\u0027investigation Microsoft du 24 mars 2023",
"url": "https://www.microsoft.com/en-us/security/blog/2023/03/24/guidance-for-investigating-attacks-using-cve-2023-23397/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 mars 2023",
"url": null
},
{
"published_at": null,
"title": "Billet de blogue Microsoft du 14 mars 2023",
"url": "https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/"
}
]
}
CERTFR-2023-AVI-0373
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Microsoft Windows. Elles permettent à un attaquant de provoquer un contournement de la fonctionnalité de sécurité, une élévation de privilèges, un déni de service, une exécution de code à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Windows | Windows Server 2022 | ||
| Microsoft | Windows | Windows Server 2012 | ||
| Microsoft | Windows | Windows 10 pour systèmes x64 | ||
| Microsoft | Windows | Windows 10 Version 1809 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2019 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2019 | ||
| Microsoft | Windows | Windows Server 2012 R2 | ||
| Microsoft | Windows | Windows Server 2022 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 1607 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 21H2 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes x64 Service Pack 2 | ||
| Microsoft | Windows | Windows 10 Version 1809 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows 10 Version 1809 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 11 version 21H2 pour systèmes x64 | ||
| Microsoft | Windows | Windows 10 Version 20H2 pour systèmes x64 | ||
| Microsoft | Windows | Windows Sysmon | ||
| Microsoft | Windows | Windows Server 2016 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 22H2 pour systèmes x64 | ||
| Microsoft | Windows | Windows 11 version 21H2 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes x64 Service Pack 2 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 20H2 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 1607 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2012 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 21H2 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 21H2 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes 32 bits Service Pack 2 | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 | ||
| Microsoft | Windows | Windows 10 Version 22H2 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 11 Version 22H2 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows Server 2016 | ||
| Microsoft | Windows | Windows 10 Version 20H2 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2012 R2 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 22H2 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows 11 Version 22H2 pour systèmes x64 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Windows Server 2022",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2022 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 version 21H2 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 20H2 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Sysmon",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 version 21H2 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 20H2 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 22H2 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 20H2 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 22H2 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-24939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24939"
},
{
"name": "CVE-2023-24902",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24902"
},
{
"name": "CVE-2023-24944",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24944"
},
{
"name": "CVE-2023-24901",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24901"
},
{
"name": "CVE-2023-24945",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24945"
},
{
"name": "CVE-2023-28251",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28251"
},
{
"name": "CVE-2023-24904",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24904"
},
{
"name": "CVE-2023-24932",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24932"
},
{
"name": "CVE-2023-28283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28283"
},
{
"name": "CVE-2023-24949",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24949"
},
{
"name": "CVE-2023-24941",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24941"
},
{
"name": "CVE-2023-24948",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24948"
},
{
"name": "CVE-2023-24942",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24942"
},
{
"name": "CVE-2023-24905",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24905"
},
{
"name": "CVE-2023-29336",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29336"
},
{
"name": "CVE-2023-29324",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29324"
},
{
"name": "CVE-2023-29343",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29343"
},
{
"name": "CVE-2023-24943",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24943"
},
{
"name": "CVE-2023-24903",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24903"
},
{
"name": "CVE-2023-24899",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24899"
},
{
"name": "CVE-2023-24898",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24898"
},
{
"name": "CVE-2023-24900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24900"
},
{
"name": "CVE-2023-29325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29325"
},
{
"name": "CVE-2023-24946",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24946"
},
{
"name": "CVE-2023-24947",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24947"
},
{
"name": "CVE-2023-24940",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24940"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24902 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24902"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-29343 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29343"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24900 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24900"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24898 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24898"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24943 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24943"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24939 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24939"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-29324 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24899 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24899"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24948 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24948"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24901 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24901"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24946 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24946"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24940 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24940"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-28283 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28283"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24905 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24905"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24903 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24903"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24947 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24947"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-28251 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28251"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24944 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24944"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24945 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24945"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-29325 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29325"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24932 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24949 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24949"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24941 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24941"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-29336 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29336"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24942 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24942"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24904 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24904"
}
],
"reference": "CERTFR-2023-AVI-0373",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Windows\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer un contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9, une\n\u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service, une ex\u00e9cution de code \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2023-AVI-0373
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Microsoft Windows. Elles permettent à un attaquant de provoquer un contournement de la fonctionnalité de sécurité, une élévation de privilèges, un déni de service, une exécution de code à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Windows | Windows Server 2022 | ||
| Microsoft | Windows | Windows Server 2012 | ||
| Microsoft | Windows | Windows 10 pour systèmes x64 | ||
| Microsoft | Windows | Windows 10 Version 1809 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2019 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2019 | ||
| Microsoft | Windows | Windows Server 2012 R2 | ||
| Microsoft | Windows | Windows Server 2022 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 1607 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 21H2 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes x64 Service Pack 2 | ||
| Microsoft | Windows | Windows 10 Version 1809 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows 10 Version 1809 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 11 version 21H2 pour systèmes x64 | ||
| Microsoft | Windows | Windows 10 Version 20H2 pour systèmes x64 | ||
| Microsoft | Windows | Windows Sysmon | ||
| Microsoft | Windows | Windows Server 2016 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 22H2 pour systèmes x64 | ||
| Microsoft | Windows | Windows 11 version 21H2 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes x64 Service Pack 2 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 20H2 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 1607 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2012 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 21H2 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 21H2 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes 32 bits Service Pack 2 | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 | ||
| Microsoft | Windows | Windows 10 Version 22H2 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 11 Version 22H2 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows Server 2016 | ||
| Microsoft | Windows | Windows 10 Version 20H2 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2012 R2 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 22H2 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows 11 Version 22H2 pour systèmes x64 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Windows Server 2022",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2022 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 version 21H2 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 20H2 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Sysmon",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 version 21H2 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 20H2 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 22H2 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 20H2 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 22H2 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-24939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24939"
},
{
"name": "CVE-2023-24902",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24902"
},
{
"name": "CVE-2023-24944",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24944"
},
{
"name": "CVE-2023-24901",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24901"
},
{
"name": "CVE-2023-24945",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24945"
},
{
"name": "CVE-2023-28251",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28251"
},
{
"name": "CVE-2023-24904",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24904"
},
{
"name": "CVE-2023-24932",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24932"
},
{
"name": "CVE-2023-28283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28283"
},
{
"name": "CVE-2023-24949",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24949"
},
{
"name": "CVE-2023-24941",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24941"
},
{
"name": "CVE-2023-24948",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24948"
},
{
"name": "CVE-2023-24942",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24942"
},
{
"name": "CVE-2023-24905",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24905"
},
{
"name": "CVE-2023-29336",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29336"
},
{
"name": "CVE-2023-29324",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29324"
},
{
"name": "CVE-2023-29343",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29343"
},
{
"name": "CVE-2023-24943",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24943"
},
{
"name": "CVE-2023-24903",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24903"
},
{
"name": "CVE-2023-24899",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24899"
},
{
"name": "CVE-2023-24898",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24898"
},
{
"name": "CVE-2023-24900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24900"
},
{
"name": "CVE-2023-29325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29325"
},
{
"name": "CVE-2023-24946",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24946"
},
{
"name": "CVE-2023-24947",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24947"
},
{
"name": "CVE-2023-24940",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24940"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24902 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24902"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-29343 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29343"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24900 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24900"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24898 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24898"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24943 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24943"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24939 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24939"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-29324 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24899 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24899"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24948 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24948"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24901 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24901"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24946 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24946"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24940 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24940"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-28283 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28283"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24905 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24905"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24903 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24903"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24947 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24947"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-28251 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28251"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24944 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24944"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24945 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24945"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-29325 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29325"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24932 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24949 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24949"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24941 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24941"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-29336 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29336"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24942 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24942"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24904 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24904"
}
],
"reference": "CERTFR-2023-AVI-0373",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Windows\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer un contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9, une\n\u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service, une ex\u00e9cution de code \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
BDU:2023-02555
Vulnerability from fstec - Published: 09.05.2023
VLAI Severity ?
Title
Уязвимость платформы MSHTML операционных систем Windows, позволяющая нарушителю обойти ограничения безопасности
Description
Уязвимость платформы MSHTML операционных систем Windows связана с ошибками в настройках безопасности. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, обойти ограничения безопасности
Severity ?
Vendor
Microsoft Corp
Software Name
Windows Server 2008 Service Pack 2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2008 R2 Service Pack 1, Windows 10, Windows 10 1607, Windows Server 2016, Windows Server 2008 Service Pack 2 (Server Core Installation), Windows Server 2012 R2 (Server Core installation), Windows Server 2016 (Server Core installation), Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows 10 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 20H2, Windows Server 2022, Windows Server 2022 (Server Core installation), Windows 10 21H2, Windows 11 22H2, Windows 10 22H2, Windows 11 21H2, Windows Server 2012 (Server Core installation)
Software Version
- (Windows Server 2008 Service Pack 2), - (Windows Server 2012), - (Windows Server 2012 R2), - (Windows Server 2008 R2 Service Pack 1), - (Windows 10), - (Windows 10 1607), - (Windows Server 2016), - (Windows Server 2008 Service Pack 2 (Server Core Installation)), - (Windows Server 2012 R2 (Server Core installation)), - (Windows Server 2016 (Server Core installation)), - (Windows Server 2008 R2 Service Pack 1 (Server Core installation)), - (Windows 10 1809), - (Windows Server 2019), - (Windows Server 2019 (Server Core installation)), - (Windows 10 20H2), - (Windows Server 2022), - (Windows Server 2022 (Server Core installation)), - (Windows 10 21H2), - (Windows 11 22H2), - (Windows 10 22H2), - (Windows 11 21H2), - (Windows Server 2012 (Server Core installation))
Possible Mitigations
Использование рекомендаций производителя:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324
Reference
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324
https://www.cybersecurity-help.cz/vdb/SB20230509124
CWE
CWE-254
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "TO239, TO241, TO242, TO244, TO245, TO246, TO247, TO248, TO249, TO250, TO251, TO252, TO253, TO254, TO256, TO258, TO259",
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": "TO239 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f Windows 10 21H2 \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c \u043d\u0430 \u0431\u0430\u0437\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 x86, 2023 05 (KB5026361), TO241 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f Windows 10 22H2 \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c \u043d\u0430 \u0431\u0430\u0437\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 x32, 2023-05 (KB5026361), TO242 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f Windows 10 1809 \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c \u043d\u0430 \u0431\u0430\u0437\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 x64, 2023 05 (KB5026362), TO244 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u043f\u0430\u043a\u0435\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c Internet Explorer 11 \u0434\u043b\u044f Windows Server 2012 R2 \u043d\u0430 \u0431\u0430\u0437\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 x64, TO245 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0430 (\u0442\u043e\u043b\u044c\u043a\u043e \u0441\u0438\u0441\u0442\u0435\u043c\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438) \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c Windows Server 2012 R2 \u043d\u0430 \u0431\u0430\u0437\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 x64, 2023 05 (KB5026409), TO246 \u0415\u0436\u0435\u043c\u0435\u0441\u044f\u0447\u043d\u044b\u0439 \u043d\u0430\u0431\u043e\u0440 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c Windows Server 2012 R2 \u043d\u0430 \u0431\u0430\u0437\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 x64, 2023 05 (KB5026415), TO247 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f Windows 10 21H2 \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c \u043d\u0430 \u0431\u0430\u0437\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 x64, 2023 05 (KB5026361), TO248 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f Windows Server 2022 (21H2) \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c \u043d\u0430 \u0431\u0430\u0437\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 x64 (KB5026370), TO249 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f Windows 10 22H2 \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c \u043d\u0430 \u0431\u0430\u0437\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 x64, 2023 05 (KB5026361), TO250 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f Windows Server 2022 (22H2) \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c \u043d\u0430 \u0431\u0430\u0437\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 x64 (KB5026370), TO251 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f Windows 10 20H2 \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c \u043d\u0430 \u0431\u0430\u0437\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 x64, 2023 05 (KB5026361), TO252 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f Windows Server 2019 \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c \u043d\u0430 \u0431\u0430\u0437\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 x64, 2023 05 (KB5026362), TO253 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f Windows Server 2016 \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c \u043d\u0430 \u0431\u0430\u0437\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 x64, 2023 05 (KB5026363), TO254 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f Windows 11 21H2 \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c \u043d\u0430 \u0431\u0430\u0437\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 x64, 2023 05 (KB5026368), TO256 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u043f\u0430\u043a\u0435\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c Internet Explorer 11 \u0434\u043b\u044f Windows Server 2012 \u043d\u0430 \u0431\u0430\u0437\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 x64 (KB5026366), TO258 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0430 (\u0442\u043e\u043b\u044c\u043a\u043e \u0441\u0438\u0441\u0442\u0435\u043c\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438) \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c Windows Server 2012 \u043d\u0430 \u0431\u0430\u0437\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 x64, 2023 05 (KB5026411), TO259 \u0415\u0436\u0435\u043c\u0435\u0441\u044f\u0447\u043d\u044b\u0439 \u043d\u0430\u0431\u043e\u0440 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c Windows Server 2012 \u043d\u0430 \u0431\u0430\u0437\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 x64, 2023 05 (KB5026419)",
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Windows Server 2008 Service Pack 2), - (Windows Server 2012), - (Windows Server 2012 R2), - (Windows Server 2008 R2 Service Pack 1), - (Windows 10), - (Windows 10 1607), - (Windows Server 2016), - (Windows Server 2008 Service Pack 2 (Server Core Installation)), - (Windows Server 2012 R2 (Server Core installation)), - (Windows Server 2016 (Server Core installation)), - (Windows Server 2008 R2 Service Pack 1 (Server Core installation)), - (Windows 10 1809), - (Windows Server 2019), - (Windows Server 2019 (Server Core installation)), - (Windows 10 20H2), - (Windows Server 2022), - (Windows Server 2022 (Server Core installation)), - (Windows 10 21H2), - (Windows 11 22H2), - (Windows 10 22H2), - (Windows 11 21H2), - (Windows Server 2012 (Server Core installation))",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "09.05.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "15.05.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "15.05.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-02555",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-29324",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Windows Server 2008 Service Pack 2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2008 R2 Service Pack 1, Windows 10, Windows 10 1607, Windows Server 2016, Windows Server 2008 Service Pack 2 (Server Core Installation), Windows Server 2012 R2 (Server Core installation), Windows Server 2016 (Server Core installation), Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows 10 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 20H2, Windows Server 2022, Windows Server 2022 (Server Core installation), Windows 10 21H2, Windows 11 22H2, Windows 10 22H2, Windows 11 21H2, Windows Server 2012 (Server Core installation)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Microsoft Corp Windows Server 2008 Service Pack 2 - 32-bit, Microsoft Corp Windows Server 2008 Service Pack 2 - 64-bit, Microsoft Corp Windows Server 2012 - , Microsoft Corp Windows Server 2012 R2 - , Microsoft Corp Windows Server 2008 R2 Service Pack 1 - 64-bit, Microsoft Corp Windows 10 - 64-bit, Microsoft Corp Windows 10 - 32-bit, Microsoft Corp Windows 10 1607 - 64-bit, Microsoft Corp Windows 10 1607 - 32-bit, Microsoft Corp Windows Server 2016 - , Microsoft Corp Windows Server 2008 Service Pack 2 (Server Core Installation) - 64-bit, Microsoft Corp Windows Server 2008 Service Pack 2 (Server Core Installation) - 32-bit, Microsoft Corp Windows Server 2012 R2 (Server Core installation) - , Microsoft Corp Windows Server 2016 (Server Core installation) - , Microsoft Corp Windows Server 2008 R2 Service Pack 1 (Server Core installation) - 64-bit, Microsoft Corp Windows 10 1809 - 64-bit, Microsoft Corp Windows 10 1809 - 32-bit, Microsoft Corp Windows Server 2019 - , Microsoft Corp Windows Server 2019 (Server Core installation) - , Microsoft Corp Windows 10 1809 - ARM64, Microsoft Corp Windows 10 20H2 - ARM64, Microsoft Corp Windows 10 20H2 - 32-bit, Microsoft Corp Windows 10 20H2 - 64-bit, Microsoft Corp Windows Server 2022 - , Microsoft Corp Windows Server 2022 (Server Core installation) - , Microsoft Corp Windows 10 21H2 - 64-bit, Microsoft Corp Windows 10 21H2 - 32-bit, Microsoft Corp Windows 10 21H2 - ARM64, Microsoft Corp Windows 11 22H2 - 64-bit, Microsoft Corp Windows 11 22H2 - ARM64, Microsoft Corp Windows 10 22H2 - 64-bit, Microsoft Corp Windows 10 22H2 - ARM64, Microsoft Corp Windows 10 22H2 - 32-bit, Microsoft Corp Windows 11 21H2 - 64-bit, Microsoft Corp Windows 11 21H2 - ARM64, Microsoft Corp Windows Server 2012 (Server Core installation) - ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b MSHTML \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Windows, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0431\u043e\u0439\u0442\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u042d\u043b\u0435\u043c\u0435\u043d\u0442\u044b \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (CWE-254)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b MSHTML \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Windows \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0432 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430\u0445 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043e\u0431\u043e\u0439\u0442\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324\nhttps://www.cybersecurity-help.cz/vdb/SB20230509124",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-254",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}
FKIE_CVE-2023-29324
Vulnerability from fkie_nvd - Published: 2023-05-09 18:15 - Updated: 2024-11-21 07:56
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Summary
Windows MSHTML Platform Security Feature Bypass Vulnerability
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_10_1507 | * | |
| microsoft | windows_10_1607 | * | |
| microsoft | windows_10_1809 | * | |
| microsoft | windows_10_20h2 | * | |
| microsoft | windows_10_21h2 | * | |
| microsoft | windows_10_22h2 | * | |
| microsoft | windows_11_21h2 | * | |
| microsoft | windows_11_22h2 | * | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2022 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0855C3A7-36C3-4398-9208-1FC8A02F40D0",
"versionEndExcluding": "10.0.10240.19926",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAB00F09-4CCF-4AB6-85CE-07298A21C1D9",
"versionEndExcluding": "10.0.14393.5921",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF1C808-45D2-4C43-81F0-0E3DC697A31A",
"versionEndExcluding": "10.0.17763.4377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7C959F-A277-4B18-B7D8-6CC8A5D01469",
"versionEndExcluding": "10.0.19042.2965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1DB7F7A-A2CA-462C-A75C-A6739899C14B",
"versionEndExcluding": "10.0.19044.2965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7450AB6-B09E-4C37-82FD-274675C0F8AF",
"versionEndExcluding": "10.0.19045.2965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E42EF0F-F78C-49E8-BC26-09AF1C0730E0",
"versionEndExcluding": "10.0.22000.1936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8267EF4-E3E6-4FA1-8090-965AE770B313",
"versionEndExcluding": "10.0.22000.1702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows MSHTML Platform Security Feature Bypass Vulnerability"
}
],
"id": "CVE-2023-29324",
"lastModified": "2024-11-21T07:56:52.040",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-09T18:15:13.607",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-73"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-XMV9-MX7P-4JR3
Vulnerability from github – Published: 2023-05-09 18:30 – Updated: 2024-04-04 03:56
VLAI?
Details
Windows MSHTML Platform Security Feature Bypass Vulnerability
Severity ?
6.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2023-29324"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-09T18:15:13Z",
"severity": "MODERATE"
},
"details": "Windows MSHTML Platform Security Feature Bypass Vulnerability",
"id": "GHSA-xmv9-mx7p-4jr3",
"modified": "2024-04-04T03:56:43Z",
"published": "2023-05-09T18:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29324"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GSD-2023-29324
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Windows MSHTML Platform Security Feature Bypass Vulnerability
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-29324",
"id": "GSD-2023-29324"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-29324"
],
"details": "Windows MSHTML Platform Security Feature Bypass Vulnerability",
"id": "GSD-2023-29324",
"modified": "2023-12-13T01:20:56.181894Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2023-29324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 10 Version 1809",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.17763.4377"
}
]
}
},
{
"product_name": "Windows Server 2019",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.17763.4377"
}
]
}
},
{
"product_name": "Windows Server 2019 (Server Core installation)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.17763.4377"
}
]
}
},
{
"product_name": "Windows Server 2022",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.20348.1726"
}
]
}
},
{
"product_name": "Windows 10 Version 20H2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.19042.2965"
}
]
}
},
{
"product_name": "Windows 11 version 21H2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.22000.1936"
}
]
}
},
{
"product_name": "Windows 10 Version 21H2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.19044.2965"
}
]
}
},
{
"product_name": "Windows 11 version 22H2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.22621.1702"
}
]
}
},
{
"product_name": "Windows 10 Version 22H2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.19045.2965"
}
]
}
},
{
"product_name": "Windows 10 Version 1507",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.10240.19926"
}
]
}
},
{
"product_name": "Windows 10 Version 1607",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.14393.5921"
}
]
}
},
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.14393.5921"
}
]
}
},
{
"product_name": "Windows Server 2016 (Server Core installation)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.14393.5921"
}
]
}
},
{
"product_name": "Windows Server 2008 Service Pack 2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.0.0",
"version_value": "6.0.6003.22070"
}
]
}
},
{
"product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.0.0",
"version_value": "6.0.6003.22070"
}
]
}
},
{
"product_name": "Windows Server 2008 Service Pack 2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.0.0",
"version_value": "6.0.6003.22070"
}
]
}
},
{
"product_name": "Windows Server 2008 R2 Service Pack 1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.1.0",
"version_value": "6.1.7601.26519"
}
]
}
},
{
"product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.0.0",
"version_value": "6.1.7601.26519"
}
]
}
},
{
"product_name": "Windows Server 2012",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.2.0",
"version_value": "6.2.9200.24266"
}
]
}
},
{
"product_name": "Windows Server 2012 (Server Core installation)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.2.0",
"version_value": "6.2.9200.24266"
}
]
}
},
{
"product_name": "Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.3.0",
"version_value": "6.3.9600.20969"
}
]
}
},
{
"product_name": "Windows Server 2012 R2 (Server Core installation)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.3.0",
"version_value": "6.3.9600.20969"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Windows MSHTML Platform Security Feature Bypass Vulnerability"
}
]
},
"impact": {
"cvss": [
{
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324",
"refsource": "MISC",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.0.22000.1702",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.0.17763.4377",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.0.19042.2965",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.0.22000.1936",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.0.19044.2965",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.0.19045.2965",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.0.14393.5921",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.0.10240.19926",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2023-29324"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Windows MSHTML Platform Security Feature Bypass Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324",
"refsource": "MISC",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
},
"lastModifiedDate": "2023-05-15T19:37Z",
"publishedDate": "2023-05-09T18:15Z"
}
}
}
MSRC_CVE-2023-29324
Vulnerability from csaf_microsoft - Published: 2023-05-09 07:00 - Updated: 2023-05-09 07:00Summary
Windows MSHTML Platform Security Feature Bypass Vulnerability
Severity
Important
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.
CWE-73
- External Control of File Name or Path
Affected products
Fixed
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Windows Server 2008 for 32-bit Systems Service Pack 2 6.0.6003.22070
Windows Server 2008 for 32-bit Systems Service Pack 2
|
6.0.6003.22070 | ||
|
Windows Server 2008 for x64-based Systems Service Pack 2 6.0.6003.22070
Windows Server 2008 for x64-based Systems Service Pack 2
|
6.0.6003.22070 | ||
|
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 6.0.6003.22070
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
|
6.0.6003.22070 | ||
|
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 6.1.7601.26519
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
|
6.1.7601.26519 | ||
|
Windows Server 2008 R2 for x64-based Systems Service Pack 1 6.1.7601.26519
Windows Server 2008 R2 for x64-based Systems Service Pack 1
|
6.1.7601.26519 | ||
|
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 6.0.6003.22070
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
|
6.0.6003.22070 | ||
|
Windows Server 2012 6.2.9200.24266
Windows Server 2012
|
6.2.9200.24266 | ||
|
Windows Server 2012 (Server Core installation) 6.2.9200.24266
Windows Server 2012 (Server Core installation)
|
6.2.9200.24266 | ||
|
Windows Server 2012 R2 6.3.9600.20969
Windows Server 2012 R2
|
6.3.9600.20969 | ||
|
Windows Server 2012 R2 (Server Core installation) 6.3.9600.20969
Windows Server 2012 R2 (Server Core installation)
|
6.3.9600.20969 | ||
|
Windows 10 for 32-bit Systems 10.0.10240.19926
Windows 10 for 32-bit Systems
|
10.0.10240.19926 | ||
|
Windows 10 for x64-based Systems 10.0.10240.19926
Windows 10 for x64-based Systems
|
10.0.10240.19926 | ||
|
Windows Server 2016 10.0.14393.5921
Windows Server 2016
|
10.0.14393.5921 | ||
|
Windows 10 Version 1607 for 32-bit Systems 10.0.14393.5921
Windows 10 Version 1607 for 32-bit Systems
|
10.0.14393.5921 | ||
|
Windows 10 Version 1607 for x64-based Systems 10.0.14393.5921
Windows 10 Version 1607 for x64-based Systems
|
10.0.14393.5921 | ||
|
Windows Server 2016 (Server Core installation) 10.0.14393.5921
Windows Server 2016 (Server Core installation)
|
10.0.14393.5921 | ||
|
Windows 10 Version 1809 for 32-bit Systems 10.0.17763.4377
Windows 10 Version 1809 for 32-bit Systems
|
10.0.17763.4377 | ||
|
Windows 10 Version 1809 for x64-based Systems 10.0.17763.4377
Windows 10 Version 1809 for x64-based Systems
|
10.0.17763.4377 | ||
|
Windows 10 Version 1809 for ARM64-based Systems 10.0.17763.4377
Windows 10 Version 1809 for ARM64-based Systems
|
10.0.17763.4377 | ||
|
Windows Server 2019 10.0.17763.4377
Windows Server 2019
|
10.0.17763.4377 | ||
|
Windows Server 2019 (Server Core installation) 10.0.17763.4377
Windows Server 2019 (Server Core installation)
|
10.0.17763.4377 | ||
|
Windows 10 Version 20H2 for 32-bit Systems 10.0.19042.2965
Windows 10 Version 20H2 for 32-bit Systems
|
10.0.19042.2965 | ||
|
Windows 10 Version 20H2 for ARM64-based Systems 10.0.19042.2965
Windows 10 Version 20H2 for ARM64-based Systems
|
10.0.19042.2965 | ||
|
Windows Server 2022 10.0.20348.1726
Windows Server 2022
|
10.0.20348.1726 | ||
|
Windows Server 2022 (Server Core installation) 10.0.20348.1726
Windows Server 2022 (Server Core installation)
|
10.0.20348.1726 | ||
|
Windows 11 version 21H2 for x64-based Systems 10.0.22000.1936
Windows 11 version 21H2 for x64-based Systems
|
10.0.22000.1936 | ||
|
Windows 11 version 21H2 for ARM64-based Systems 10.0.22000.1936
Windows 11 version 21H2 for ARM64-based Systems
|
10.0.22000.1936 | ||
|
Windows 10 Version 21H2 for 32-bit Systems 10.0.19044.2965
Windows 10 Version 21H2 for 32-bit Systems
|
10.0.19044.2965 | ||
|
Windows 10 Version 21H2 for ARM64-based Systems 10.0.19044.2965
Windows 10 Version 21H2 for ARM64-based Systems
|
10.0.19044.2965 | ||
|
Windows 10 Version 21H2 for x64-based Systems 10.0.19044.2965
Windows 10 Version 21H2 for x64-based Systems
|
10.0.19044.2965 | ||
|
Windows 11 Version 22H2 for ARM64-based Systems 10.0.22621.1702
Windows 11 Version 22H2 for ARM64-based Systems
|
10.0.22621.1702 | ||
|
Windows 11 Version 22H2 for x64-based Systems 10.0.22621.1702
Windows 11 Version 22H2 for x64-based Systems
|
10.0.22621.1702 | ||
|
Windows 10 Version 22H2 for x64-based Systems 10.0.19045.2965
Windows 10 Version 22H2 for x64-based Systems
|
10.0.19045.2965 | ||
|
Windows 10 Version 22H2 for ARM64-based Systems 10.0.19045.2965
Windows 10 Version 22H2 for ARM64-based Systems
|
10.0.19045.2965 | ||
|
Windows 10 Version 22H2 for 32-bit Systems 10.0.19045.2965
Windows 10 Version 22H2 for 32-bit Systems
|
10.0.19045.2965 |
Known affected
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Windows 10 Version 22H2 for 32-bit Systems <10.0.19045.2965
Windows 10 Version 22H2 for 32-bit Systems
|
<10.0.19045.2965 |
Vendor Fix
fix
|
|
|
Windows 10 Version 22H2 for ARM64-based Systems <10.0.19045.2965
Windows 10 Version 22H2 for ARM64-based Systems
|
<10.0.19045.2965 |
Vendor Fix
fix
|
|
|
Windows 10 Version 22H2 for x64-based Systems <10.0.19045.2965
Windows 10 Version 22H2 for x64-based Systems
|
<10.0.19045.2965 |
Vendor Fix
fix
|
|
|
Windows 11 Version 22H2 for x64-based Systems <10.0.22621.1702
Windows 11 Version 22H2 for x64-based Systems
|
<10.0.22621.1702 |
Vendor Fix
fix
|
|
|
Windows 11 Version 22H2 for ARM64-based Systems <10.0.22621.1702
Windows 11 Version 22H2 for ARM64-based Systems
|
<10.0.22621.1702 |
Vendor Fix
fix
|
|
|
Windows 10 Version 21H2 for x64-based Systems <10.0.19044.2965
Windows 10 Version 21H2 for x64-based Systems
|
<10.0.19044.2965 |
Vendor Fix
fix
|
|
|
Windows 10 Version 21H2 for ARM64-based Systems <10.0.19044.2965
Windows 10 Version 21H2 for ARM64-based Systems
|
<10.0.19044.2965 |
Vendor Fix
fix
|
|
|
Windows 10 Version 21H2 for 32-bit Systems <10.0.19044.2965
Windows 10 Version 21H2 for 32-bit Systems
|
<10.0.19044.2965 |
Vendor Fix
fix
|
|
|
Windows 11 version 21H2 for ARM64-based Systems <10.0.22000.1936
Windows 11 version 21H2 for ARM64-based Systems
|
<10.0.22000.1936 |
Vendor Fix
fix
|
|
|
Windows 11 version 21H2 for x64-based Systems <10.0.22000.1936
Windows 11 version 21H2 for x64-based Systems
|
<10.0.22000.1936 |
Vendor Fix
fix
|
|
|
Windows Server 2022 (Server Core installation) <10.0.20348.1726
Windows Server 2022 (Server Core installation)
|
<10.0.20348.1726 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Windows Server 2022 <10.0.20348.1726
Windows Server 2022
|
<10.0.20348.1726 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Windows 10 Version 20H2 for ARM64-based Systems <10.0.19042.2965
Windows 10 Version 20H2 for ARM64-based Systems
|
<10.0.19042.2965 |
Vendor Fix
fix
|
|
|
Windows 10 Version 20H2 for 32-bit Systems <10.0.19042.2965
Windows 10 Version 20H2 for 32-bit Systems
|
<10.0.19042.2965 |
Vendor Fix
fix
|
|
|
Windows Server 2019 (Server Core installation) <10.0.17763.4377
Windows Server 2019 (Server Core installation)
|
<10.0.17763.4377 |
Vendor Fix
fix
|
|
|
Windows Server 2019 <10.0.17763.4377
Windows Server 2019
|
<10.0.17763.4377 |
Vendor Fix
fix
|
|
|
Windows 10 Version 1809 for ARM64-based Systems <10.0.17763.4377
Windows 10 Version 1809 for ARM64-based Systems
|
<10.0.17763.4377 |
Vendor Fix
fix
|
|
|
Windows 10 Version 1809 for x64-based Systems <10.0.17763.4377
Windows 10 Version 1809 for x64-based Systems
|
<10.0.17763.4377 |
Vendor Fix
fix
|
|
|
Windows 10 Version 1809 for 32-bit Systems <10.0.17763.4377
Windows 10 Version 1809 for 32-bit Systems
|
<10.0.17763.4377 |
Vendor Fix
fix
|
|
|
Windows Server 2016 (Server Core installation) <10.0.14393.5921
Windows Server 2016 (Server Core installation)
|
<10.0.14393.5921 |
Vendor Fix
fix
|
|
|
Windows 10 Version 1607 for x64-based Systems <10.0.14393.5921
Windows 10 Version 1607 for x64-based Systems
|
<10.0.14393.5921 |
Vendor Fix
fix
|
|
|
Windows 10 Version 1607 for 32-bit Systems <10.0.14393.5921
Windows 10 Version 1607 for 32-bit Systems
|
<10.0.14393.5921 |
Vendor Fix
fix
|
|
|
Windows Server 2016 <10.0.14393.5921
Windows Server 2016
|
<10.0.14393.5921 |
Vendor Fix
fix
|
|
|
Windows 10 for x64-based Systems <10.0.10240.19926
Windows 10 for x64-based Systems
|
<10.0.10240.19926 |
Vendor Fix
fix
|
|
|
Windows 10 for 32-bit Systems <10.0.10240.19926
Windows 10 for 32-bit Systems
|
<10.0.10240.19926 |
Vendor Fix
fix
|
|
|
Windows Server 2012 R2 (Server Core installation) <6.3.9600.20969
Windows Server 2012 R2 (Server Core installation)
|
<6.3.9600.20969 |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Windows Server 2012 R2 <6.3.9600.20969
Windows Server 2012 R2
|
<6.3.9600.20969 |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Windows Server 2012 (Server Core installation) <6.2.9200.24266
Windows Server 2012 (Server Core installation)
|
<6.2.9200.24266 |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Windows Server 2012 <6.2.9200.24266
Windows Server 2012
|
<6.2.9200.24266 |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) <6.0.6003.22070
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
|
<6.0.6003.22070 |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Windows Server 2008 R2 for x64-based Systems Service Pack 1 <6.1.7601.26519
Windows Server 2008 R2 for x64-based Systems Service Pack 1
|
<6.1.7601.26519 |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) <6.1.7601.26519
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
|
<6.1.7601.26519 |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) <6.0.6003.22070
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
|
<6.0.6003.22070 |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Windows Server 2008 for x64-based Systems Service Pack 2 <6.0.6003.22070
Windows Server 2008 for x64-based Systems Service Pack 2
|
<6.0.6003.22070 |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Windows Server 2008 for 32-bit Systems Service Pack 2 <6.0.6003.22070
Windows Server 2008 for 32-bit Systems Service Pack 2
|
<6.0.6003.22070 |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
Threats
Impact
Security Feature Bypass
Exploit Status
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
References
7 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | self |
| https://msrc.microsoft.com/csaf/advisories/2023/m… | self |
| https://www.microsoft.com/en-us/msrc/exploitabili… | external |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/update-guide/vulnerabi… | self |
| https://msrc.microsoft.com/csaf/advisories/2023/m… | self |
Acknowledgments
<a href="https://twitter.com/nachoskrnl">Ben Barnea</a> with <a href="https://www.akamai.com/">Akamai Technologies</a>
{
"document": {
"acknowledgments": [
{
"names": [
"\u003ca href=\"https://twitter.com/nachoskrnl\"\u003eBen Barnea\u003c/a\u003e with \u003ca href=\"https://www.akamai.com/\"\u003eAkamai Technologies\u003c/a\u003e"
]
}
],
"aggregate_severity": {
"namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
},
{
"category": "general",
"text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
"title": "Customer Action"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2023-29324 Windows MSHTML Platform Security Feature Bypass Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324"
},
{
"category": "self",
"summary": "CVE-2023-29324 Windows MSHTML Platform Security Feature Bypass Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2023/msrc_cve-2023-29324.json"
},
{
"category": "external",
"summary": "Microsoft Exploitability Index",
"url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Windows MSHTML Platform Security Feature Bypass Vulnerability",
"tracking": {
"current_release_date": "2023-05-09T07:00:00.000Z",
"generator": {
"date": "2025-07-10T16:38:41.695Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2023-29324",
"initial_release_date": "2023-05-09T07:00:00.000Z",
"revision_history": [
{
"date": "2023-05-09T07:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.17763.4377",
"product": {
"name": "Windows 10 Version 1809 for 32-bit Systems \u003c10.0.17763.4377",
"product_id": "19"
}
},
{
"category": "product_version",
"name": "10.0.17763.4377",
"product": {
"name": "Windows 10 Version 1809 for 32-bit Systems 10.0.17763.4377",
"product_id": "11568"
}
}
],
"category": "product_name",
"name": "Windows 10 Version 1809 for 32-bit Systems"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.17763.4377",
"product": {
"name": "Windows 10 Version 1809 for x64-based Systems \u003c10.0.17763.4377",
"product_id": "18"
}
},
{
"category": "product_version",
"name": "10.0.17763.4377",
"product": {
"name": "Windows 10 Version 1809 for x64-based Systems 10.0.17763.4377",
"product_id": "11569"
}
}
],
"category": "product_name",
"name": "Windows 10 Version 1809 for x64-based Systems"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.17763.4377",
"product": {
"name": "Windows 10 Version 1809 for ARM64-based Systems \u003c10.0.17763.4377",
"product_id": "17"
}
},
{
"category": "product_version",
"name": "10.0.17763.4377",
"product": {
"name": "Windows 10 Version 1809 for ARM64-based Systems 10.0.17763.4377",
"product_id": "11570"
}
}
],
"category": "product_name",
"name": "Windows 10 Version 1809 for ARM64-based Systems"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.17763.4377",
"product": {
"name": "Windows Server 2019 \u003c10.0.17763.4377",
"product_id": "16"
}
},
{
"category": "product_version",
"name": "10.0.17763.4377",
"product": {
"name": "Windows Server 2019 10.0.17763.4377",
"product_id": "11571"
}
}
],
"category": "product_name",
"name": "Windows Server 2019"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.17763.4377",
"product": {
"name": "Windows Server 2019 (Server Core installation) \u003c10.0.17763.4377",
"product_id": "15"
}
},
{
"category": "product_version",
"name": "10.0.17763.4377",
"product": {
"name": "Windows Server 2019 (Server Core installation) 10.0.17763.4377",
"product_id": "11572"
}
}
],
"category": "product_name",
"name": "Windows Server 2019 (Server Core installation)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.20348.1726",
"product": {
"name": "Windows Server 2022 \u003c10.0.20348.1726",
"product_id": "12"
}
},
{
"category": "product_version",
"name": "10.0.20348.1726",
"product": {
"name": "Windows Server 2022 10.0.20348.1726",
"product_id": "11923"
}
}
],
"category": "product_name",
"name": "Windows Server 2022"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.20348.1726",
"product": {
"name": "Windows Server 2022 (Server Core installation) \u003c10.0.20348.1726",
"product_id": "11"
}
},
{
"category": "product_version",
"name": "10.0.20348.1726",
"product": {
"name": "Windows Server 2022 (Server Core installation) 10.0.20348.1726",
"product_id": "11924"
}
}
],
"category": "product_name",
"name": "Windows Server 2022 (Server Core installation)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.19042.2965",
"product": {
"name": "Windows 10 Version 20H2 for 32-bit Systems \u003c10.0.19042.2965",
"product_id": "14"
}
},
{
"category": "product_version",
"name": "10.0.19042.2965",
"product": {
"name": "Windows 10 Version 20H2 for 32-bit Systems 10.0.19042.2965",
"product_id": "11801"
}
}
],
"category": "product_name",
"name": "Windows 10 Version 20H2 for 32-bit Systems"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.19042.2965",
"product": {
"name": "Windows 10 Version 20H2 for ARM64-based Systems \u003c10.0.19042.2965",
"product_id": "13"
}
},
{
"category": "product_version",
"name": "10.0.19042.2965",
"product": {
"name": "Windows 10 Version 20H2 for ARM64-based Systems 10.0.19042.2965",
"product_id": "11802"
}
}
],
"category": "product_name",
"name": "Windows 10 Version 20H2 for ARM64-based Systems"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.22000.1936",
"product": {
"name": "Windows 11 version 21H2 for x64-based Systems \u003c10.0.22000.1936",
"product_id": "10"
}
},
{
"category": "product_version",
"name": "10.0.22000.1936",
"product": {
"name": "Windows 11 version 21H2 for x64-based Systems 10.0.22000.1936",
"product_id": "11926"
}
}
],
"category": "product_name",
"name": "Windows 11 version 21H2 for x64-based Systems"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.22000.1936",
"product": {
"name": "Windows 11 version 21H2 for ARM64-based Systems \u003c10.0.22000.1936",
"product_id": "9"
}
},
{
"category": "product_version",
"name": "10.0.22000.1936",
"product": {
"name": "Windows 11 version 21H2 for ARM64-based Systems 10.0.22000.1936",
"product_id": "11927"
}
}
],
"category": "product_name",
"name": "Windows 11 version 21H2 for ARM64-based Systems"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.19044.2965",
"product": {
"name": "Windows 10 Version 21H2 for 32-bit Systems \u003c10.0.19044.2965",
"product_id": "8"
}
},
{
"category": "product_version",
"name": "10.0.19044.2965",
"product": {
"name": "Windows 10 Version 21H2 for 32-bit Systems 10.0.19044.2965",
"product_id": "11929"
}
}
],
"category": "product_name",
"name": "Windows 10 Version 21H2 for 32-bit Systems"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.19044.2965",
"product": {
"name": "Windows 10 Version 21H2 for ARM64-based Systems \u003c10.0.19044.2965",
"product_id": "7"
}
},
{
"category": "product_version",
"name": "10.0.19044.2965",
"product": {
"name": "Windows 10 Version 21H2 for ARM64-based Systems 10.0.19044.2965",
"product_id": "11930"
}
}
],
"category": "product_name",
"name": "Windows 10 Version 21H2 for ARM64-based Systems"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.19044.2965",
"product": {
"name": "Windows 10 Version 21H2 for x64-based Systems \u003c10.0.19044.2965",
"product_id": "6"
}
},
{
"category": "product_version",
"name": "10.0.19044.2965",
"product": {
"name": "Windows 10 Version 21H2 for x64-based Systems 10.0.19044.2965",
"product_id": "11931"
}
}
],
"category": "product_name",
"name": "Windows 10 Version 21H2 for x64-based Systems"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.22621.1702",
"product": {
"name": "Windows 11 Version 22H2 for ARM64-based Systems \u003c10.0.22621.1702",
"product_id": "5"
}
},
{
"category": "product_version",
"name": "10.0.22621.1702",
"product": {
"name": "Windows 11 Version 22H2 for ARM64-based Systems 10.0.22621.1702",
"product_id": "12085"
}
}
],
"category": "product_name",
"name": "Windows 11 Version 22H2 for ARM64-based Systems"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.22621.1702",
"product": {
"name": "Windows 11 Version 22H2 for x64-based Systems \u003c10.0.22621.1702",
"product_id": "4"
}
},
{
"category": "product_version",
"name": "10.0.22621.1702",
"product": {
"name": "Windows 11 Version 22H2 for x64-based Systems 10.0.22621.1702",
"product_id": "12086"
}
}
],
"category": "product_name",
"name": "Windows 11 Version 22H2 for x64-based Systems"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.19045.2965",
"product": {
"name": "Windows 10 Version 22H2 for x64-based Systems \u003c10.0.19045.2965",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "10.0.19045.2965",
"product": {
"name": "Windows 10 Version 22H2 for x64-based Systems 10.0.19045.2965",
"product_id": "12097"
}
}
],
"category": "product_name",
"name": "Windows 10 Version 22H2 for x64-based Systems"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.19045.2965",
"product": {
"name": "Windows 10 Version 22H2 for ARM64-based Systems \u003c10.0.19045.2965",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "10.0.19045.2965",
"product": {
"name": "Windows 10 Version 22H2 for ARM64-based Systems 10.0.19045.2965",
"product_id": "12098"
}
}
],
"category": "product_name",
"name": "Windows 10 Version 22H2 for ARM64-based Systems"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.19045.2965",
"product": {
"name": "Windows 10 Version 22H2 for 32-bit Systems \u003c10.0.19045.2965",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "10.0.19045.2965",
"product": {
"name": "Windows 10 Version 22H2 for 32-bit Systems 10.0.19045.2965",
"product_id": "12099"
}
}
],
"category": "product_name",
"name": "Windows 10 Version 22H2 for 32-bit Systems"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.10240.19926",
"product": {
"name": "Windows 10 for 32-bit Systems \u003c10.0.10240.19926",
"product_id": "25"
}
},
{
"category": "product_version",
"name": "10.0.10240.19926",
"product": {
"name": "Windows 10 for 32-bit Systems 10.0.10240.19926",
"product_id": "10729"
}
}
],
"category": "product_name",
"name": "Windows 10 for 32-bit Systems"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.10240.19926",
"product": {
"name": "Windows 10 for x64-based Systems \u003c10.0.10240.19926",
"product_id": "24"
}
},
{
"category": "product_version",
"name": "10.0.10240.19926",
"product": {
"name": "Windows 10 for x64-based Systems 10.0.10240.19926",
"product_id": "10735"
}
}
],
"category": "product_name",
"name": "Windows 10 for x64-based Systems"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.14393.5921",
"product": {
"name": "Windows 10 Version 1607 for 32-bit Systems \u003c10.0.14393.5921",
"product_id": "22"
}
},
{
"category": "product_version",
"name": "10.0.14393.5921",
"product": {
"name": "Windows 10 Version 1607 for 32-bit Systems 10.0.14393.5921",
"product_id": "10852"
}
}
],
"category": "product_name",
"name": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.14393.5921",
"product": {
"name": "Windows 10 Version 1607 for x64-based Systems \u003c10.0.14393.5921",
"product_id": "21"
}
},
{
"category": "product_version",
"name": "10.0.14393.5921",
"product": {
"name": "Windows 10 Version 1607 for x64-based Systems 10.0.14393.5921",
"product_id": "10853"
}
}
],
"category": "product_name",
"name": "Windows 10 Version 1607 for x64-based Systems"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.14393.5921",
"product": {
"name": "Windows Server 2016 \u003c10.0.14393.5921",
"product_id": "23"
}
},
{
"category": "product_version",
"name": "10.0.14393.5921",
"product": {
"name": "Windows Server 2016 10.0.14393.5921",
"product_id": "10816"
}
}
],
"category": "product_name",
"name": "Windows Server 2016"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.14393.5921",
"product": {
"name": "Windows Server 2016 (Server Core installation) \u003c10.0.14393.5921",
"product_id": "20"
}
},
{
"category": "product_version",
"name": "10.0.14393.5921",
"product": {
"name": "Windows Server 2016 (Server Core installation) 10.0.14393.5921",
"product_id": "10855"
}
}
],
"category": "product_name",
"name": "Windows Server 2016 (Server Core installation)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.0.6003.22070",
"product": {
"name": "Windows Server 2008 for 32-bit Systems Service Pack 2 \u003c6.0.6003.22070",
"product_id": "35"
}
},
{
"category": "product_version",
"name": "6.0.6003.22070",
"product": {
"name": "Windows Server 2008 for 32-bit Systems Service Pack 2 6.0.6003.22070",
"product_id": "9312"
}
}
],
"category": "product_name",
"name": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.0.6003.22070",
"product": {
"name": "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \u003c6.0.6003.22070",
"product_id": "30"
}
},
{
"category": "product_version",
"name": "6.0.6003.22070",
"product": {
"name": "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 6.0.6003.22070",
"product_id": "10287"
}
}
],
"category": "product_name",
"name": "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.0.6003.22070",
"product": {
"name": "Windows Server 2008 for x64-based Systems Service Pack 2 \u003c6.0.6003.22070",
"product_id": "34"
}
},
{
"category": "product_version",
"name": "6.0.6003.22070",
"product": {
"name": "Windows Server 2008 for x64-based Systems Service Pack 2 6.0.6003.22070",
"product_id": "9318"
}
}
],
"category": "product_name",
"name": "Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.0.6003.22070",
"product": {
"name": "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \u003c6.0.6003.22070",
"product_id": "33"
}
},
{
"category": "product_version",
"name": "6.0.6003.22070",
"product": {
"name": "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 6.0.6003.22070",
"product_id": "9344"
}
}
],
"category": "product_name",
"name": "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.1.7601.26519",
"product": {
"name": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 \u003c6.1.7601.26519",
"product_id": "31"
}
},
{
"category": "product_version",
"name": "6.1.7601.26519",
"product": {
"name": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 6.1.7601.26519",
"product_id": "10051"
}
}
],
"category": "product_name",
"name": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.1.7601.26519",
"product": {
"name": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \u003c6.1.7601.26519",
"product_id": "32"
}
},
{
"category": "product_version",
"name": "6.1.7601.26519",
"product": {
"name": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 6.1.7601.26519",
"product_id": "10049"
}
}
],
"category": "product_name",
"name": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.2.9200.24266",
"product": {
"name": "Windows Server 2012 \u003c6.2.9200.24266",
"product_id": "29"
}
},
{
"category": "product_version",
"name": "6.2.9200.24266",
"product": {
"name": "Windows Server 2012 6.2.9200.24266",
"product_id": "10378"
}
}
],
"category": "product_name",
"name": "Windows Server 2012"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.2.9200.24266",
"product": {
"name": "Windows Server 2012 (Server Core installation) \u003c6.2.9200.24266",
"product_id": "28"
}
},
{
"category": "product_version",
"name": "6.2.9200.24266",
"product": {
"name": "Windows Server 2012 (Server Core installation) 6.2.9200.24266",
"product_id": "10379"
}
}
],
"category": "product_name",
"name": "Windows Server 2012 (Server Core installation)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.9600.20969",
"product": {
"name": "Windows Server 2012 R2 \u003c6.3.9600.20969",
"product_id": "27"
}
},
{
"category": "product_version",
"name": "6.3.9600.20969",
"product": {
"name": "Windows Server 2012 R2 6.3.9600.20969",
"product_id": "10483"
}
}
],
"category": "product_name",
"name": "Windows Server 2012 R2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.9600.20969",
"product": {
"name": "Windows Server 2012 R2 (Server Core installation) \u003c6.3.9600.20969",
"product_id": "26"
}
},
{
"category": "product_version",
"name": "6.3.9600.20969",
"product": {
"name": "Windows Server 2012 R2 (Server Core installation) 6.3.9600.20969",
"product_id": "10543"
}
}
],
"category": "product_name",
"name": "Windows Server 2012 R2 (Server Core installation)"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-29324",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"notes": [
{
"category": "general",
"text": "Microsoft",
"title": "Assigning CNA"
},
{
"category": "faq",
"text": "An attacker who successfully exploits the vulnerability could craft a malicious URL that would evade zone checks, resulting in a limited loss of integrity and availability on the victim machine.",
"title": "According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L) and some loss of availability (A:L). What does that mean for this vulnerability?"
},
{
"category": "faq",
"text": "Yes. Customers must install the updates for CVE-2023-23397 and CVE-2023-29324 to be fully protected. For more information, please see the MSRC Blog Post relating to CVE-2023-23397 here: Microsoft Mitigates Outlook Elevation of Privilege Vulnerability.",
"title": "Are there additional steps that I need to take to be protected from this vulnerability?"
},
{
"category": "faq",
"text": "While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.\nTo stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.",
"title": "The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2?"
}
],
"product_status": {
"fixed": [
"9312",
"9318",
"9344",
"10049",
"10051",
"10287",
"10378",
"10379",
"10483",
"10543",
"10729",
"10735",
"10816",
"10852",
"10853",
"10855",
"11568",
"11569",
"11570",
"11571",
"11572",
"11801",
"11802",
"11923",
"11924",
"11926",
"11927",
"11929",
"11930",
"11931",
"12085",
"12086",
"12097",
"12098",
"12099"
],
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26",
"27",
"28",
"29",
"30",
"31",
"32",
"33",
"34",
"35"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-29324 Windows MSHTML Platform Security Feature Bypass Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324"
},
{
"category": "self",
"summary": "CVE-2023-29324 Windows MSHTML Platform Security Feature Bypass Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2023/msrc_cve-2023-29324.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T07:00:00.000Z",
"details": "10.0.17763.4377:Security Update:https://support.microsoft.com/help/5026362",
"product_ids": [
"19",
"18",
"17",
"16",
"15"
],
"url": "https://support.microsoft.com/help/5026362"
},
{
"category": "vendor_fix",
"date": "2023-05-09T07:00:00.000Z",
"details": "10.0.20348.1726:Security Update:https://support.microsoft.com/help/5026370",
"product_ids": [
"12",
"11"
],
"url": "https://support.microsoft.com/help/5026370"
},
{
"category": "vendor_fix",
"date": "2023-05-09T07:00:00.000Z",
"details": "10.0.20348.1724:Security Hotpatch Update:https://support.microsoft.com/help/5026456",
"product_ids": [
"12",
"11"
],
"url": "https://support.microsoft.com/help/5026456"
},
{
"category": "vendor_fix",
"date": "2023-05-09T07:00:00.000Z",
"details": "10.0.19042.2965:Security Update:https://support.microsoft.com/help/5026361",
"product_ids": [
"14",
"13"
],
"url": "https://support.microsoft.com/help/5026361"
},
{
"category": "vendor_fix",
"date": "2023-05-09T07:00:00.000Z",
"details": "10.0.22000.1936:Security Update:https://support.microsoft.com/help/5026368",
"product_ids": [
"10",
"9"
],
"url": "https://support.microsoft.com/help/5026368"
},
{
"category": "vendor_fix",
"date": "2023-05-09T07:00:00.000Z",
"details": "10.0.19044.2965:Security Update:https://support.microsoft.com/help/5026361",
"product_ids": [
"8",
"7",
"6"
],
"url": "https://support.microsoft.com/help/5026361"
},
{
"category": "vendor_fix",
"date": "2023-05-09T07:00:00.000Z",
"details": "10.0.22621.1702:Security Update:https://support.microsoft.com/help/5026372",
"product_ids": [
"5",
"4"
],
"url": "https://support.microsoft.com/help/5026372"
},
{
"category": "vendor_fix",
"date": "2023-05-09T07:00:00.000Z",
"details": "10.0.19045.2965:Security Update:https://support.microsoft.com/help/5026361",
"product_ids": [
"3",
"2",
"1"
],
"url": "https://support.microsoft.com/help/5026361"
},
{
"category": "vendor_fix",
"date": "2023-05-09T07:00:00.000Z",
"details": "10.0.10240.19926:Security Update:https://support.microsoft.com/help/5026382",
"product_ids": [
"25",
"24"
],
"url": "https://support.microsoft.com/help/5026382"
},
{
"category": "vendor_fix",
"date": "2023-05-09T07:00:00.000Z",
"details": "10.0.14393.5921:Security Update:https://support.microsoft.com/help/5026363",
"product_ids": [
"22",
"21",
"23",
"20"
],
"url": "https://support.microsoft.com/help/5026363"
},
{
"category": "vendor_fix",
"date": "2023-05-09T07:00:00.000Z",
"details": "6.0.6003.22070:Monthly Rollup:https://support.microsoft.com/help/5026408",
"product_ids": [
"35",
"30",
"34",
"33"
],
"url": "https://support.microsoft.com/help/5026408"
},
{
"category": "vendor_fix",
"date": "2023-05-09T07:00:00.000Z",
"details": "6.0.6003.22070:Security Only:https://support.microsoft.com/help/5026427",
"product_ids": [
"35",
"30",
"34",
"33"
],
"url": "https://support.microsoft.com/help/5026427"
},
{
"category": "vendor_fix",
"date": "2023-05-09T07:00:00.000Z",
"details": "1.1.0.0:IE Cumulative:https://support.microsoft.com/help/5026366",
"product_ids": [
"35",
"30",
"34",
"33",
"31",
"32",
"29",
"28",
"27",
"26"
],
"url": "https://support.microsoft.com/help/5026366"
},
{
"category": "vendor_fix",
"date": "2023-05-09T07:00:00.000Z",
"details": "6.1.7601.26519:Monthly Rollup:https://support.microsoft.com/help/5026413",
"product_ids": [
"31",
"32"
],
"url": "https://support.microsoft.com/help/5026413"
},
{
"category": "vendor_fix",
"date": "2023-05-09T07:00:00.000Z",
"details": "6.1.7601.26519:Security Only:https://support.microsoft.com/help/5026426",
"product_ids": [
"31",
"32"
],
"url": "https://support.microsoft.com/help/5026426"
},
{
"category": "vendor_fix",
"date": "2023-05-09T07:00:00.000Z",
"details": "6.2.9200.24266:Monthly Rollup:https://support.microsoft.com/help/5026419",
"product_ids": [
"29",
"28"
],
"url": "https://support.microsoft.com/help/5026419"
},
{
"category": "vendor_fix",
"date": "2023-05-09T07:00:00.000Z",
"details": "6.2.9200.24266:Security Only:https://support.microsoft.com/help/5026411",
"product_ids": [
"29",
"28"
],
"url": "https://support.microsoft.com/help/5026411"
},
{
"category": "vendor_fix",
"date": "2023-05-09T07:00:00.000Z",
"details": "6.3.9600.20969:Monthly Rollup:https://support.microsoft.com/help/5026415",
"product_ids": [
"27",
"26"
],
"url": "https://support.microsoft.com/help/5026415"
},
{
"category": "vendor_fix",
"date": "2023-05-09T07:00:00.000Z",
"details": "6.3.9600.20969:Security Only:https://support.microsoft.com/help/5026409",
"product_ids": [
"27",
"26"
],
"url": "https://support.microsoft.com/help/5026409"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26",
"27",
"28",
"29",
"30",
"31",
"32",
"33",
"34",
"35"
]
}
],
"threats": [
{
"category": "impact",
"details": "Security Feature Bypass"
},
{
"category": "exploit_status",
"details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely"
}
],
"title": "Windows MSHTML Platform Security Feature Bypass Vulnerability"
}
]
}
WID-SEC-W-2023-1178
Vulnerability from csaf_certbund - Published: 2023-05-09 22:00 - Updated: 2024-05-06 22:00Summary
Microsoft Windows und Microsoft Windows Server: Mehrere Schwachstellen
Severity
Kritisch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Windows ist ein Betriebssystem von Microsoft.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern
Betroffene Betriebssysteme: - Windows
Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Privilegien.
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Windows Server 2019
Microsoft
|
cpe:/o:microsoft:windows_server_2019:-
|
— | |
|
Microsoft Windows Server 2008 R2 SP1
Microsoft / Windows Server 2008 R2
|
cpe:/o:microsoft:windows_server_2008_r2:sp_1
|
SP1 | |
|
Dell NetWorker BMR <19.9.0.6
Dell / NetWorker
|
BMR <19.9.0.6 | ||
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
v2 | |
|
Microsoft Windows Server 2012
Microsoft
|
cpe:/o:microsoft:windows_server_2012:-
|
— | |
|
Microsoft Windows Server 2012 R2
Microsoft
|
cpe:/o:microsoft:windows_server_2012_r2:-
|
— | |
|
Microsoft Windows 10
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:-
|
— | |
|
Microsoft Windows 10 Version 1607
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1607
|
Version 1607 | |
|
Microsoft Windows 10 Version 1809
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1809
|
Version 1809 | |
|
Hitachi Storage Virtual Storage Platform
Hitachi / Storage
|
cpe:/h:hitachi:storage:virtual_storage_platform
|
Virtual Storage Platform | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Microsoft Windows 10 Version 21H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_21h2
|
Version 21H2 | |
|
Microsoft Windows 11 version 21H2
Microsoft / Windows 11
|
version 21H2 | ||
|
Microsoft Windows Server 2022
Microsoft
|
cpe:/o:microsoft:windows_server_2022:-
|
— | |
|
Microsoft Windows 10 Version 22H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_22h2
|
Version 22H2 | |
|
Microsoft Windows Server 2008 SP2
Microsoft / Windows Server 2008 Service Pack 2
|
cpe:/o:microsoft:windows_server_2008:sp2
|
SP2 | |
|
Microsoft Windows Server 2016
Microsoft
|
cpe:/o:microsoft:windows_server_2016:-
|
— | |
|
Microsoft Windows 10 Version 20H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_20h2
|
Version 20H2 | |
|
Microsoft Windows 11 Version 22H2
Microsoft / Windows 11
|
cpe:/o:microsoft:windows_11:version_22h2
|
Version 22H2 |
Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Privilegien.
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Windows Server 2019
Microsoft
|
cpe:/o:microsoft:windows_server_2019:-
|
— | |
|
Microsoft Windows Server 2008 R2 SP1
Microsoft / Windows Server 2008 R2
|
cpe:/o:microsoft:windows_server_2008_r2:sp_1
|
SP1 | |
|
Dell NetWorker BMR <19.9.0.6
Dell / NetWorker
|
BMR <19.9.0.6 | ||
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
v2 | |
|
Microsoft Windows Server 2012
Microsoft
|
cpe:/o:microsoft:windows_server_2012:-
|
— | |
|
Microsoft Windows Server 2012 R2
Microsoft
|
cpe:/o:microsoft:windows_server_2012_r2:-
|
— | |
|
Microsoft Windows 10
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:-
|
— | |
|
Microsoft Windows 10 Version 1607
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1607
|
Version 1607 | |
|
Microsoft Windows 10 Version 1809
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1809
|
Version 1809 | |
|
Hitachi Storage Virtual Storage Platform
Hitachi / Storage
|
cpe:/h:hitachi:storage:virtual_storage_platform
|
Virtual Storage Platform | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Microsoft Windows 10 Version 21H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_21h2
|
Version 21H2 | |
|
Microsoft Windows 11 version 21H2
Microsoft / Windows 11
|
version 21H2 | ||
|
Microsoft Windows Server 2022
Microsoft
|
cpe:/o:microsoft:windows_server_2022:-
|
— | |
|
Microsoft Windows 10 Version 22H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_22h2
|
Version 22H2 | |
|
Microsoft Windows Server 2008 SP2
Microsoft / Windows Server 2008 Service Pack 2
|
cpe:/o:microsoft:windows_server_2008:sp2
|
SP2 | |
|
Microsoft Windows Server 2016
Microsoft
|
cpe:/o:microsoft:windows_server_2016:-
|
— | |
|
Microsoft Windows 10 Version 20H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_20h2
|
Version 20H2 | |
|
Microsoft Windows 11 Version 22H2
Microsoft / Windows 11
|
cpe:/o:microsoft:windows_11:version_22h2
|
Version 22H2 |
Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Privilegien.
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Windows Server 2019
Microsoft
|
cpe:/o:microsoft:windows_server_2019:-
|
— | |
|
Microsoft Windows Server 2008 R2 SP1
Microsoft / Windows Server 2008 R2
|
cpe:/o:microsoft:windows_server_2008_r2:sp_1
|
SP1 | |
|
Dell NetWorker BMR <19.9.0.6
Dell / NetWorker
|
BMR <19.9.0.6 | ||
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
v2 | |
|
Microsoft Windows Server 2012
Microsoft
|
cpe:/o:microsoft:windows_server_2012:-
|
— | |
|
Microsoft Windows Server 2012 R2
Microsoft
|
cpe:/o:microsoft:windows_server_2012_r2:-
|
— | |
|
Microsoft Windows 10
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:-
|
— | |
|
Microsoft Windows 10 Version 1607
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1607
|
Version 1607 | |
|
Microsoft Windows 10 Version 1809
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1809
|
Version 1809 | |
|
Hitachi Storage Virtual Storage Platform
Hitachi / Storage
|
cpe:/h:hitachi:storage:virtual_storage_platform
|
Virtual Storage Platform | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Microsoft Windows 10 Version 21H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_21h2
|
Version 21H2 | |
|
Microsoft Windows 11 version 21H2
Microsoft / Windows 11
|
version 21H2 | ||
|
Microsoft Windows Server 2022
Microsoft
|
cpe:/o:microsoft:windows_server_2022:-
|
— | |
|
Microsoft Windows 10 Version 22H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_22h2
|
Version 22H2 | |
|
Microsoft Windows Server 2008 SP2
Microsoft / Windows Server 2008 Service Pack 2
|
cpe:/o:microsoft:windows_server_2008:sp2
|
SP2 | |
|
Microsoft Windows Server 2016
Microsoft
|
cpe:/o:microsoft:windows_server_2016:-
|
— | |
|
Microsoft Windows 10 Version 20H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_20h2
|
Version 20H2 | |
|
Microsoft Windows 11 Version 22H2
Microsoft / Windows 11
|
cpe:/o:microsoft:windows_11:version_22h2
|
Version 22H2 |
Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Privilegien.
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Windows Server 2019
Microsoft
|
cpe:/o:microsoft:windows_server_2019:-
|
— | |
|
Microsoft Windows Server 2008 R2 SP1
Microsoft / Windows Server 2008 R2
|
cpe:/o:microsoft:windows_server_2008_r2:sp_1
|
SP1 | |
|
Dell NetWorker BMR <19.9.0.6
Dell / NetWorker
|
BMR <19.9.0.6 | ||
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
v2 | |
|
Microsoft Windows Server 2012
Microsoft
|
cpe:/o:microsoft:windows_server_2012:-
|
— | |
|
Microsoft Windows Server 2012 R2
Microsoft
|
cpe:/o:microsoft:windows_server_2012_r2:-
|
— | |
|
Microsoft Windows 10
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:-
|
— | |
|
Microsoft Windows 10 Version 1607
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1607
|
Version 1607 | |
|
Microsoft Windows 10 Version 1809
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1809
|
Version 1809 | |
|
Hitachi Storage Virtual Storage Platform
Hitachi / Storage
|
cpe:/h:hitachi:storage:virtual_storage_platform
|
Virtual Storage Platform | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Microsoft Windows 10 Version 21H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_21h2
|
Version 21H2 | |
|
Microsoft Windows 11 version 21H2
Microsoft / Windows 11
|
version 21H2 | ||
|
Microsoft Windows Server 2022
Microsoft
|
cpe:/o:microsoft:windows_server_2022:-
|
— | |
|
Microsoft Windows 10 Version 22H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_22h2
|
Version 22H2 | |
|
Microsoft Windows Server 2008 SP2
Microsoft / Windows Server 2008 Service Pack 2
|
cpe:/o:microsoft:windows_server_2008:sp2
|
SP2 | |
|
Microsoft Windows Server 2016
Microsoft
|
cpe:/o:microsoft:windows_server_2016:-
|
— | |
|
Microsoft Windows 10 Version 20H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_20h2
|
Version 20H2 | |
|
Microsoft Windows 11 Version 22H2
Microsoft / Windows 11
|
cpe:/o:microsoft:windows_11:version_22h2
|
Version 22H2 |
Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Privilegien.
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Windows Server 2019
Microsoft
|
cpe:/o:microsoft:windows_server_2019:-
|
— | |
|
Microsoft Windows Server 2008 R2 SP1
Microsoft / Windows Server 2008 R2
|
cpe:/o:microsoft:windows_server_2008_r2:sp_1
|
SP1 | |
|
Dell NetWorker BMR <19.9.0.6
Dell / NetWorker
|
BMR <19.9.0.6 | ||
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
v2 | |
|
Microsoft Windows Server 2012
Microsoft
|
cpe:/o:microsoft:windows_server_2012:-
|
— | |
|
Microsoft Windows Server 2012 R2
Microsoft
|
cpe:/o:microsoft:windows_server_2012_r2:-
|
— | |
|
Microsoft Windows 10
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:-
|
— | |
|
Microsoft Windows 10 Version 1607
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1607
|
Version 1607 | |
|
Microsoft Windows 10 Version 1809
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1809
|
Version 1809 | |
|
Hitachi Storage Virtual Storage Platform
Hitachi / Storage
|
cpe:/h:hitachi:storage:virtual_storage_platform
|
Virtual Storage Platform | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Microsoft Windows 10 Version 21H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_21h2
|
Version 21H2 | |
|
Microsoft Windows 11 version 21H2
Microsoft / Windows 11
|
version 21H2 | ||
|
Microsoft Windows Server 2022
Microsoft
|
cpe:/o:microsoft:windows_server_2022:-
|
— | |
|
Microsoft Windows 10 Version 22H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_22h2
|
Version 22H2 | |
|
Microsoft Windows Server 2008 SP2
Microsoft / Windows Server 2008 Service Pack 2
|
cpe:/o:microsoft:windows_server_2008:sp2
|
SP2 | |
|
Microsoft Windows Server 2016
Microsoft
|
cpe:/o:microsoft:windows_server_2016:-
|
— | |
|
Microsoft Windows 10 Version 20H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_20h2
|
Version 20H2 | |
|
Microsoft Windows 11 Version 22H2
Microsoft / Windows 11
|
cpe:/o:microsoft:windows_11:version_22h2
|
Version 22H2 |
Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Privilegien.
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Windows Server 2019
Microsoft
|
cpe:/o:microsoft:windows_server_2019:-
|
— | |
|
Microsoft Windows Server 2008 R2 SP1
Microsoft / Windows Server 2008 R2
|
cpe:/o:microsoft:windows_server_2008_r2:sp_1
|
SP1 | |
|
Dell NetWorker BMR <19.9.0.6
Dell / NetWorker
|
BMR <19.9.0.6 | ||
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
v2 | |
|
Microsoft Windows Server 2012
Microsoft
|
cpe:/o:microsoft:windows_server_2012:-
|
— | |
|
Microsoft Windows Server 2012 R2
Microsoft
|
cpe:/o:microsoft:windows_server_2012_r2:-
|
— | |
|
Microsoft Windows 10
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:-
|
— | |
|
Microsoft Windows 10 Version 1607
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1607
|
Version 1607 | |
|
Microsoft Windows 10 Version 1809
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1809
|
Version 1809 | |
|
Hitachi Storage Virtual Storage Platform
Hitachi / Storage
|
cpe:/h:hitachi:storage:virtual_storage_platform
|
Virtual Storage Platform | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Microsoft Windows 10 Version 21H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_21h2
|
Version 21H2 | |
|
Microsoft Windows 11 version 21H2
Microsoft / Windows 11
|
version 21H2 | ||
|
Microsoft Windows Server 2022
Microsoft
|
cpe:/o:microsoft:windows_server_2022:-
|
— | |
|
Microsoft Windows 10 Version 22H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_22h2
|
Version 22H2 | |
|
Microsoft Windows Server 2008 SP2
Microsoft / Windows Server 2008 Service Pack 2
|
cpe:/o:microsoft:windows_server_2008:sp2
|
SP2 | |
|
Microsoft Windows Server 2016
Microsoft
|
cpe:/o:microsoft:windows_server_2016:-
|
— | |
|
Microsoft Windows 10 Version 20H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_20h2
|
Version 20H2 | |
|
Microsoft Windows 11 Version 22H2
Microsoft / Windows 11
|
cpe:/o:microsoft:windows_11:version_22h2
|
Version 22H2 |
Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Privilegien.
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Windows Server 2019
Microsoft
|
cpe:/o:microsoft:windows_server_2019:-
|
— | |
|
Microsoft Windows Server 2008 R2 SP1
Microsoft / Windows Server 2008 R2
|
cpe:/o:microsoft:windows_server_2008_r2:sp_1
|
SP1 | |
|
Dell NetWorker BMR <19.9.0.6
Dell / NetWorker
|
BMR <19.9.0.6 | ||
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
v2 | |
|
Microsoft Windows Server 2012
Microsoft
|
cpe:/o:microsoft:windows_server_2012:-
|
— | |
|
Microsoft Windows Server 2012 R2
Microsoft
|
cpe:/o:microsoft:windows_server_2012_r2:-
|
— | |
|
Microsoft Windows 10
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:-
|
— | |
|
Microsoft Windows 10 Version 1607
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1607
|
Version 1607 | |
|
Microsoft Windows 10 Version 1809
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1809
|
Version 1809 | |
|
Hitachi Storage Virtual Storage Platform
Hitachi / Storage
|
cpe:/h:hitachi:storage:virtual_storage_platform
|
Virtual Storage Platform | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Microsoft Windows 10 Version 21H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_21h2
|
Version 21H2 | |
|
Microsoft Windows 11 version 21H2
Microsoft / Windows 11
|
version 21H2 | ||
|
Microsoft Windows Server 2022
Microsoft
|
cpe:/o:microsoft:windows_server_2022:-
|
— | |
|
Microsoft Windows 10 Version 22H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_22h2
|
Version 22H2 | |
|
Microsoft Windows Server 2008 SP2
Microsoft / Windows Server 2008 Service Pack 2
|
cpe:/o:microsoft:windows_server_2008:sp2
|
SP2 | |
|
Microsoft Windows Server 2016
Microsoft
|
cpe:/o:microsoft:windows_server_2016:-
|
— | |
|
Microsoft Windows 10 Version 20H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_20h2
|
Version 20H2 | |
|
Microsoft Windows 11 Version 22H2
Microsoft / Windows 11
|
cpe:/o:microsoft:windows_11:version_22h2
|
Version 22H2 |
Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Privilegien.
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Windows Server 2019
Microsoft
|
cpe:/o:microsoft:windows_server_2019:-
|
— | |
|
Microsoft Windows Server 2008 R2 SP1
Microsoft / Windows Server 2008 R2
|
cpe:/o:microsoft:windows_server_2008_r2:sp_1
|
SP1 | |
|
Dell NetWorker BMR <19.9.0.6
Dell / NetWorker
|
BMR <19.9.0.6 | ||
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
v2 | |
|
Microsoft Windows Server 2012
Microsoft
|
cpe:/o:microsoft:windows_server_2012:-
|
— | |
|
Microsoft Windows Server 2012 R2
Microsoft
|
cpe:/o:microsoft:windows_server_2012_r2:-
|
— | |
|
Microsoft Windows 10
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:-
|
— | |
|
Microsoft Windows 10 Version 1607
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1607
|
Version 1607 | |
|
Microsoft Windows 10 Version 1809
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1809
|
Version 1809 | |
|
Hitachi Storage Virtual Storage Platform
Hitachi / Storage
|
cpe:/h:hitachi:storage:virtual_storage_platform
|
Virtual Storage Platform | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Microsoft Windows 10 Version 21H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_21h2
|
Version 21H2 | |
|
Microsoft Windows 11 version 21H2
Microsoft / Windows 11
|
version 21H2 | ||
|
Microsoft Windows Server 2022
Microsoft
|
cpe:/o:microsoft:windows_server_2022:-
|
— | |
|
Microsoft Windows 10 Version 22H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_22h2
|
Version 22H2 | |
|
Microsoft Windows Server 2008 SP2
Microsoft / Windows Server 2008 Service Pack 2
|
cpe:/o:microsoft:windows_server_2008:sp2
|
SP2 | |
|
Microsoft Windows Server 2016
Microsoft
|
cpe:/o:microsoft:windows_server_2016:-
|
— | |
|
Microsoft Windows 10 Version 20H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_20h2
|
Version 20H2 | |
|
Microsoft Windows 11 Version 22H2
Microsoft / Windows 11
|
cpe:/o:microsoft:windows_11:version_22h2
|
Version 22H2 |
Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Privilegien.
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Windows Server 2019
Microsoft
|
cpe:/o:microsoft:windows_server_2019:-
|
— | |
|
Microsoft Windows Server 2008 R2 SP1
Microsoft / Windows Server 2008 R2
|
cpe:/o:microsoft:windows_server_2008_r2:sp_1
|
SP1 | |
|
Dell NetWorker BMR <19.9.0.6
Dell / NetWorker
|
BMR <19.9.0.6 | ||
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
v2 | |
|
Microsoft Windows Server 2012
Microsoft
|
cpe:/o:microsoft:windows_server_2012:-
|
— | |
|
Microsoft Windows Server 2012 R2
Microsoft
|
cpe:/o:microsoft:windows_server_2012_r2:-
|
— | |
|
Microsoft Windows 10
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:-
|
— | |
|
Microsoft Windows 10 Version 1607
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1607
|
Version 1607 | |
|
Microsoft Windows 10 Version 1809
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1809
|
Version 1809 | |
|
Hitachi Storage Virtual Storage Platform
Hitachi / Storage
|
cpe:/h:hitachi:storage:virtual_storage_platform
|
Virtual Storage Platform | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Microsoft Windows 10 Version 21H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_21h2
|
Version 21H2 | |
|
Microsoft Windows 11 version 21H2
Microsoft / Windows 11
|
version 21H2 | ||
|
Microsoft Windows Server 2022
Microsoft
|
cpe:/o:microsoft:windows_server_2022:-
|
— | |
|
Microsoft Windows 10 Version 22H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_22h2
|
Version 22H2 | |
|
Microsoft Windows Server 2008 SP2
Microsoft / Windows Server 2008 Service Pack 2
|
cpe:/o:microsoft:windows_server_2008:sp2
|
SP2 | |
|
Microsoft Windows Server 2016
Microsoft
|
cpe:/o:microsoft:windows_server_2016:-
|
— | |
|
Microsoft Windows 10 Version 20H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_20h2
|
Version 20H2 | |
|
Microsoft Windows 11 Version 22H2
Microsoft / Windows 11
|
cpe:/o:microsoft:windows_11:version_22h2
|
Version 22H2 |
Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Privilegien.
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Windows Server 2019
Microsoft
|
cpe:/o:microsoft:windows_server_2019:-
|
— | |
|
Microsoft Windows Server 2008 R2 SP1
Microsoft / Windows Server 2008 R2
|
cpe:/o:microsoft:windows_server_2008_r2:sp_1
|
SP1 | |
|
Dell NetWorker BMR <19.9.0.6
Dell / NetWorker
|
BMR <19.9.0.6 | ||
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
v2 | |
|
Microsoft Windows Server 2012
Microsoft
|
cpe:/o:microsoft:windows_server_2012:-
|
— | |
|
Microsoft Windows Server 2012 R2
Microsoft
|
cpe:/o:microsoft:windows_server_2012_r2:-
|
— | |
|
Microsoft Windows 10
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:-
|
— | |
|
Microsoft Windows 10 Version 1607
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1607
|
Version 1607 | |
|
Microsoft Windows 10 Version 1809
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1809
|
Version 1809 | |
|
Hitachi Storage Virtual Storage Platform
Hitachi / Storage
|
cpe:/h:hitachi:storage:virtual_storage_platform
|
Virtual Storage Platform | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Microsoft Windows 10 Version 21H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_21h2
|
Version 21H2 | |
|
Microsoft Windows 11 version 21H2
Microsoft / Windows 11
|
version 21H2 | ||
|
Microsoft Windows Server 2022
Microsoft
|
cpe:/o:microsoft:windows_server_2022:-
|
— | |
|
Microsoft Windows 10 Version 22H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_22h2
|
Version 22H2 | |
|
Microsoft Windows Server 2008 SP2
Microsoft / Windows Server 2008 Service Pack 2
|
cpe:/o:microsoft:windows_server_2008:sp2
|
SP2 | |
|
Microsoft Windows Server 2016
Microsoft
|
cpe:/o:microsoft:windows_server_2016:-
|
— | |
|
Microsoft Windows 10 Version 20H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_20h2
|
Version 20H2 | |
|
Microsoft Windows 11 Version 22H2
Microsoft / Windows 11
|
cpe:/o:microsoft:windows_11:version_22h2
|
Version 22H2 |
Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Privilegien.
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Windows Server 2019
Microsoft
|
cpe:/o:microsoft:windows_server_2019:-
|
— | |
|
Microsoft Windows Server 2008 R2 SP1
Microsoft / Windows Server 2008 R2
|
cpe:/o:microsoft:windows_server_2008_r2:sp_1
|
SP1 | |
|
Dell NetWorker BMR <19.9.0.6
Dell / NetWorker
|
BMR <19.9.0.6 | ||
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
v2 | |
|
Microsoft Windows Server 2012
Microsoft
|
cpe:/o:microsoft:windows_server_2012:-
|
— | |
|
Microsoft Windows Server 2012 R2
Microsoft
|
cpe:/o:microsoft:windows_server_2012_r2:-
|
— | |
|
Microsoft Windows 10
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:-
|
— | |
|
Microsoft Windows 10 Version 1607
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1607
|
Version 1607 | |
|
Microsoft Windows 10 Version 1809
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1809
|
Version 1809 | |
|
Hitachi Storage Virtual Storage Platform
Hitachi / Storage
|
cpe:/h:hitachi:storage:virtual_storage_platform
|
Virtual Storage Platform | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Microsoft Windows 10 Version 21H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_21h2
|
Version 21H2 | |
|
Microsoft Windows 11 version 21H2
Microsoft / Windows 11
|
version 21H2 | ||
|
Microsoft Windows Server 2022
Microsoft
|
cpe:/o:microsoft:windows_server_2022:-
|
— | |
|
Microsoft Windows 10 Version 22H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_22h2
|
Version 22H2 | |
|
Microsoft Windows Server 2008 SP2
Microsoft / Windows Server 2008 Service Pack 2
|
cpe:/o:microsoft:windows_server_2008:sp2
|
SP2 | |
|
Microsoft Windows Server 2016
Microsoft
|
cpe:/o:microsoft:windows_server_2016:-
|
— | |
|
Microsoft Windows 10 Version 20H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_20h2
|
Version 20H2 | |
|
Microsoft Windows 11 Version 22H2
Microsoft / Windows 11
|
cpe:/o:microsoft:windows_11:version_22h2
|
Version 22H2 |
Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Privilegien.
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Windows Server 2019
Microsoft
|
cpe:/o:microsoft:windows_server_2019:-
|
— | |
|
Microsoft Windows Server 2008 R2 SP1
Microsoft / Windows Server 2008 R2
|
cpe:/o:microsoft:windows_server_2008_r2:sp_1
|
SP1 | |
|
Dell NetWorker BMR <19.9.0.6
Dell / NetWorker
|
BMR <19.9.0.6 | ||
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
v2 | |
|
Microsoft Windows Server 2012
Microsoft
|
cpe:/o:microsoft:windows_server_2012:-
|
— | |
|
Microsoft Windows Server 2012 R2
Microsoft
|
cpe:/o:microsoft:windows_server_2012_r2:-
|
— | |
|
Microsoft Windows 10
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:-
|
— | |
|
Microsoft Windows 10 Version 1607
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1607
|
Version 1607 | |
|
Microsoft Windows 10 Version 1809
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1809
|
Version 1809 | |
|
Hitachi Storage Virtual Storage Platform
Hitachi / Storage
|
cpe:/h:hitachi:storage:virtual_storage_platform
|
Virtual Storage Platform | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Microsoft Windows 10 Version 21H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_21h2
|
Version 21H2 | |
|
Microsoft Windows 11 version 21H2
Microsoft / Windows 11
|
version 21H2 | ||
|
Microsoft Windows Server 2022
Microsoft
|
cpe:/o:microsoft:windows_server_2022:-
|
— | |
|
Microsoft Windows 10 Version 22H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_22h2
|
Version 22H2 | |
|
Microsoft Windows Server 2008 SP2
Microsoft / Windows Server 2008 Service Pack 2
|
cpe:/o:microsoft:windows_server_2008:sp2
|
SP2 | |
|
Microsoft Windows Server 2016
Microsoft
|
cpe:/o:microsoft:windows_server_2016:-
|
— | |
|
Microsoft Windows 10 Version 20H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_20h2
|
Version 20H2 | |
|
Microsoft Windows 11 Version 22H2
Microsoft / Windows 11
|
cpe:/o:microsoft:windows_11:version_22h2
|
Version 22H2 |
Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Privilegien.
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Windows Server 2019
Microsoft
|
cpe:/o:microsoft:windows_server_2019:-
|
— | |
|
Microsoft Windows Server 2008 R2 SP1
Microsoft / Windows Server 2008 R2
|
cpe:/o:microsoft:windows_server_2008_r2:sp_1
|
SP1 | |
|
Dell NetWorker BMR <19.9.0.6
Dell / NetWorker
|
BMR <19.9.0.6 | ||
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
v2 | |
|
Microsoft Windows Server 2012
Microsoft
|
cpe:/o:microsoft:windows_server_2012:-
|
— | |
|
Microsoft Windows Server 2012 R2
Microsoft
|
cpe:/o:microsoft:windows_server_2012_r2:-
|
— | |
|
Microsoft Windows 10
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:-
|
— | |
|
Microsoft Windows 10 Version 1607
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1607
|
Version 1607 | |
|
Microsoft Windows 10 Version 1809
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1809
|
Version 1809 | |
|
Hitachi Storage Virtual Storage Platform
Hitachi / Storage
|
cpe:/h:hitachi:storage:virtual_storage_platform
|
Virtual Storage Platform | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Microsoft Windows 10 Version 21H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_21h2
|
Version 21H2 | |
|
Microsoft Windows 11 version 21H2
Microsoft / Windows 11
|
version 21H2 | ||
|
Microsoft Windows Server 2022
Microsoft
|
cpe:/o:microsoft:windows_server_2022:-
|
— | |
|
Microsoft Windows 10 Version 22H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_22h2
|
Version 22H2 | |
|
Microsoft Windows Server 2008 SP2
Microsoft / Windows Server 2008 Service Pack 2
|
cpe:/o:microsoft:windows_server_2008:sp2
|
SP2 | |
|
Microsoft Windows Server 2016
Microsoft
|
cpe:/o:microsoft:windows_server_2016:-
|
— | |
|
Microsoft Windows 10 Version 20H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_20h2
|
Version 20H2 | |
|
Microsoft Windows 11 Version 22H2
Microsoft / Windows 11
|
cpe:/o:microsoft:windows_11:version_22h2
|
Version 22H2 |
Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Privilegien.
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Windows Server 2019
Microsoft
|
cpe:/o:microsoft:windows_server_2019:-
|
— | |
|
Microsoft Windows Server 2008 R2 SP1
Microsoft / Windows Server 2008 R2
|
cpe:/o:microsoft:windows_server_2008_r2:sp_1
|
SP1 | |
|
Dell NetWorker BMR <19.9.0.6
Dell / NetWorker
|
BMR <19.9.0.6 | ||
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
v2 | |
|
Microsoft Windows Server 2012
Microsoft
|
cpe:/o:microsoft:windows_server_2012:-
|
— | |
|
Microsoft Windows Server 2012 R2
Microsoft
|
cpe:/o:microsoft:windows_server_2012_r2:-
|
— | |
|
Microsoft Windows 10
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:-
|
— | |
|
Microsoft Windows 10 Version 1607
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1607
|
Version 1607 | |
|
Microsoft Windows 10 Version 1809
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1809
|
Version 1809 | |
|
Hitachi Storage Virtual Storage Platform
Hitachi / Storage
|
cpe:/h:hitachi:storage:virtual_storage_platform
|
Virtual Storage Platform | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Microsoft Windows 10 Version 21H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_21h2
|
Version 21H2 | |
|
Microsoft Windows 11 version 21H2
Microsoft / Windows 11
|
version 21H2 | ||
|
Microsoft Windows Server 2022
Microsoft
|
cpe:/o:microsoft:windows_server_2022:-
|
— | |
|
Microsoft Windows 10 Version 22H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_22h2
|
Version 22H2 | |
|
Microsoft Windows Server 2008 SP2
Microsoft / Windows Server 2008 Service Pack 2
|
cpe:/o:microsoft:windows_server_2008:sp2
|
SP2 | |
|
Microsoft Windows Server 2016
Microsoft
|
cpe:/o:microsoft:windows_server_2016:-
|
— | |
|
Microsoft Windows 10 Version 20H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_20h2
|
Version 20H2 | |
|
Microsoft Windows 11 Version 22H2
Microsoft / Windows 11
|
cpe:/o:microsoft:windows_11:version_22h2
|
Version 22H2 |
Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Privilegien.
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Windows Server 2019
Microsoft
|
cpe:/o:microsoft:windows_server_2019:-
|
— | |
|
Microsoft Windows Server 2008 R2 SP1
Microsoft / Windows Server 2008 R2
|
cpe:/o:microsoft:windows_server_2008_r2:sp_1
|
SP1 | |
|
Dell NetWorker BMR <19.9.0.6
Dell / NetWorker
|
BMR <19.9.0.6 | ||
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
v2 | |
|
Microsoft Windows Server 2012
Microsoft
|
cpe:/o:microsoft:windows_server_2012:-
|
— | |
|
Microsoft Windows Server 2012 R2
Microsoft
|
cpe:/o:microsoft:windows_server_2012_r2:-
|
— | |
|
Microsoft Windows 10
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:-
|
— | |
|
Microsoft Windows 10 Version 1607
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1607
|
Version 1607 | |
|
Microsoft Windows 10 Version 1809
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1809
|
Version 1809 | |
|
Hitachi Storage Virtual Storage Platform
Hitachi / Storage
|
cpe:/h:hitachi:storage:virtual_storage_platform
|
Virtual Storage Platform | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Microsoft Windows 10 Version 21H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_21h2
|
Version 21H2 | |
|
Microsoft Windows 11 version 21H2
Microsoft / Windows 11
|
version 21H2 | ||
|
Microsoft Windows Server 2022
Microsoft
|
cpe:/o:microsoft:windows_server_2022:-
|
— | |
|
Microsoft Windows 10 Version 22H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_22h2
|
Version 22H2 | |
|
Microsoft Windows Server 2008 SP2
Microsoft / Windows Server 2008 Service Pack 2
|
cpe:/o:microsoft:windows_server_2008:sp2
|
SP2 | |
|
Microsoft Windows Server 2016
Microsoft
|
cpe:/o:microsoft:windows_server_2016:-
|
— | |
|
Microsoft Windows 10 Version 20H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_20h2
|
Version 20H2 | |
|
Microsoft Windows 11 Version 22H2
Microsoft / Windows 11
|
cpe:/o:microsoft:windows_11:version_22h2
|
Version 22H2 |
Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Privilegien.
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Windows Server 2019
Microsoft
|
cpe:/o:microsoft:windows_server_2019:-
|
— | |
|
Microsoft Windows Server 2008 R2 SP1
Microsoft / Windows Server 2008 R2
|
cpe:/o:microsoft:windows_server_2008_r2:sp_1
|
SP1 | |
|
Dell NetWorker BMR <19.9.0.6
Dell / NetWorker
|
BMR <19.9.0.6 | ||
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
v2 | |
|
Microsoft Windows Server 2012
Microsoft
|
cpe:/o:microsoft:windows_server_2012:-
|
— | |
|
Microsoft Windows Server 2012 R2
Microsoft
|
cpe:/o:microsoft:windows_server_2012_r2:-
|
— | |
|
Microsoft Windows 10
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:-
|
— | |
|
Microsoft Windows 10 Version 1607
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1607
|
Version 1607 | |
|
Microsoft Windows 10 Version 1809
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1809
|
Version 1809 | |
|
Hitachi Storage Virtual Storage Platform
Hitachi / Storage
|
cpe:/h:hitachi:storage:virtual_storage_platform
|
Virtual Storage Platform | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Microsoft Windows 10 Version 21H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_21h2
|
Version 21H2 | |
|
Microsoft Windows 11 version 21H2
Microsoft / Windows 11
|
version 21H2 | ||
|
Microsoft Windows Server 2022
Microsoft
|
cpe:/o:microsoft:windows_server_2022:-
|
— | |
|
Microsoft Windows 10 Version 22H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_22h2
|
Version 22H2 | |
|
Microsoft Windows Server 2008 SP2
Microsoft / Windows Server 2008 Service Pack 2
|
cpe:/o:microsoft:windows_server_2008:sp2
|
SP2 | |
|
Microsoft Windows Server 2016
Microsoft
|
cpe:/o:microsoft:windows_server_2016:-
|
— | |
|
Microsoft Windows 10 Version 20H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_20h2
|
Version 20H2 | |
|
Microsoft Windows 11 Version 22H2
Microsoft / Windows 11
|
cpe:/o:microsoft:windows_11:version_22h2
|
Version 22H2 |
Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Privilegien.
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Windows Server 2019
Microsoft
|
cpe:/o:microsoft:windows_server_2019:-
|
— | |
|
Microsoft Windows Server 2008 R2 SP1
Microsoft / Windows Server 2008 R2
|
cpe:/o:microsoft:windows_server_2008_r2:sp_1
|
SP1 | |
|
Dell NetWorker BMR <19.9.0.6
Dell / NetWorker
|
BMR <19.9.0.6 | ||
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
v2 | |
|
Microsoft Windows Server 2012
Microsoft
|
cpe:/o:microsoft:windows_server_2012:-
|
— | |
|
Microsoft Windows Server 2012 R2
Microsoft
|
cpe:/o:microsoft:windows_server_2012_r2:-
|
— | |
|
Microsoft Windows 10
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:-
|
— | |
|
Microsoft Windows 10 Version 1607
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1607
|
Version 1607 | |
|
Microsoft Windows 10 Version 1809
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1809
|
Version 1809 | |
|
Hitachi Storage Virtual Storage Platform
Hitachi / Storage
|
cpe:/h:hitachi:storage:virtual_storage_platform
|
Virtual Storage Platform | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Microsoft Windows 10 Version 21H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_21h2
|
Version 21H2 | |
|
Microsoft Windows 11 version 21H2
Microsoft / Windows 11
|
version 21H2 | ||
|
Microsoft Windows Server 2022
Microsoft
|
cpe:/o:microsoft:windows_server_2022:-
|
— | |
|
Microsoft Windows 10 Version 22H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_22h2
|
Version 22H2 | |
|
Microsoft Windows Server 2008 SP2
Microsoft / Windows Server 2008 Service Pack 2
|
cpe:/o:microsoft:windows_server_2008:sp2
|
SP2 | |
|
Microsoft Windows Server 2016
Microsoft
|
cpe:/o:microsoft:windows_server_2016:-
|
— | |
|
Microsoft Windows 10 Version 20H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_20h2
|
Version 20H2 | |
|
Microsoft Windows 11 Version 22H2
Microsoft / Windows 11
|
cpe:/o:microsoft:windows_11:version_22h2
|
Version 22H2 |
Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Privilegien.
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Windows Server 2019
Microsoft
|
cpe:/o:microsoft:windows_server_2019:-
|
— | |
|
Microsoft Windows Server 2008 R2 SP1
Microsoft / Windows Server 2008 R2
|
cpe:/o:microsoft:windows_server_2008_r2:sp_1
|
SP1 | |
|
Dell NetWorker BMR <19.9.0.6
Dell / NetWorker
|
BMR <19.9.0.6 | ||
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
v2 | |
|
Microsoft Windows Server 2012
Microsoft
|
cpe:/o:microsoft:windows_server_2012:-
|
— | |
|
Microsoft Windows Server 2012 R2
Microsoft
|
cpe:/o:microsoft:windows_server_2012_r2:-
|
— | |
|
Microsoft Windows 10
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:-
|
— | |
|
Microsoft Windows 10 Version 1607
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1607
|
Version 1607 | |
|
Microsoft Windows 10 Version 1809
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1809
|
Version 1809 | |
|
Hitachi Storage Virtual Storage Platform
Hitachi / Storage
|
cpe:/h:hitachi:storage:virtual_storage_platform
|
Virtual Storage Platform | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Microsoft Windows 10 Version 21H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_21h2
|
Version 21H2 | |
|
Microsoft Windows 11 version 21H2
Microsoft / Windows 11
|
version 21H2 | ||
|
Microsoft Windows Server 2022
Microsoft
|
cpe:/o:microsoft:windows_server_2022:-
|
— | |
|
Microsoft Windows 10 Version 22H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_22h2
|
Version 22H2 | |
|
Microsoft Windows Server 2008 SP2
Microsoft / Windows Server 2008 Service Pack 2
|
cpe:/o:microsoft:windows_server_2008:sp2
|
SP2 | |
|
Microsoft Windows Server 2016
Microsoft
|
cpe:/o:microsoft:windows_server_2016:-
|
— | |
|
Microsoft Windows 10 Version 20H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_20h2
|
Version 20H2 | |
|
Microsoft Windows 11 Version 22H2
Microsoft / Windows 11
|
cpe:/o:microsoft:windows_11:version_22h2
|
Version 22H2 |
Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Privilegien.
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Windows Server 2019
Microsoft
|
cpe:/o:microsoft:windows_server_2019:-
|
— | |
|
Microsoft Windows Server 2008 R2 SP1
Microsoft / Windows Server 2008 R2
|
cpe:/o:microsoft:windows_server_2008_r2:sp_1
|
SP1 | |
|
Dell NetWorker BMR <19.9.0.6
Dell / NetWorker
|
BMR <19.9.0.6 | ||
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
v2 | |
|
Microsoft Windows Server 2012
Microsoft
|
cpe:/o:microsoft:windows_server_2012:-
|
— | |
|
Microsoft Windows Server 2012 R2
Microsoft
|
cpe:/o:microsoft:windows_server_2012_r2:-
|
— | |
|
Microsoft Windows 10
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:-
|
— | |
|
Microsoft Windows 10 Version 1607
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1607
|
Version 1607 | |
|
Microsoft Windows 10 Version 1809
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1809
|
Version 1809 | |
|
Hitachi Storage Virtual Storage Platform
Hitachi / Storage
|
cpe:/h:hitachi:storage:virtual_storage_platform
|
Virtual Storage Platform | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Microsoft Windows 10 Version 21H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_21h2
|
Version 21H2 | |
|
Microsoft Windows 11 version 21H2
Microsoft / Windows 11
|
version 21H2 | ||
|
Microsoft Windows Server 2022
Microsoft
|
cpe:/o:microsoft:windows_server_2022:-
|
— | |
|
Microsoft Windows 10 Version 22H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_22h2
|
Version 22H2 | |
|
Microsoft Windows Server 2008 SP2
Microsoft / Windows Server 2008 Service Pack 2
|
cpe:/o:microsoft:windows_server_2008:sp2
|
SP2 | |
|
Microsoft Windows Server 2016
Microsoft
|
cpe:/o:microsoft:windows_server_2016:-
|
— | |
|
Microsoft Windows 10 Version 20H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_20h2
|
Version 20H2 | |
|
Microsoft Windows 11 Version 22H2
Microsoft / Windows 11
|
cpe:/o:microsoft:windows_11:version_22h2
|
Version 22H2 |
Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Privilegien.
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Windows Server 2019
Microsoft
|
cpe:/o:microsoft:windows_server_2019:-
|
— | |
|
Microsoft Windows Server 2008 R2 SP1
Microsoft / Windows Server 2008 R2
|
cpe:/o:microsoft:windows_server_2008_r2:sp_1
|
SP1 | |
|
Dell NetWorker BMR <19.9.0.6
Dell / NetWorker
|
BMR <19.9.0.6 | ||
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
v2 | |
|
Microsoft Windows Server 2012
Microsoft
|
cpe:/o:microsoft:windows_server_2012:-
|
— | |
|
Microsoft Windows Server 2012 R2
Microsoft
|
cpe:/o:microsoft:windows_server_2012_r2:-
|
— | |
|
Microsoft Windows 10
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:-
|
— | |
|
Microsoft Windows 10 Version 1607
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1607
|
Version 1607 | |
|
Microsoft Windows 10 Version 1809
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1809
|
Version 1809 | |
|
Hitachi Storage Virtual Storage Platform
Hitachi / Storage
|
cpe:/h:hitachi:storage:virtual_storage_platform
|
Virtual Storage Platform | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Microsoft Windows 10 Version 21H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_21h2
|
Version 21H2 | |
|
Microsoft Windows 11 version 21H2
Microsoft / Windows 11
|
version 21H2 | ||
|
Microsoft Windows Server 2022
Microsoft
|
cpe:/o:microsoft:windows_server_2022:-
|
— | |
|
Microsoft Windows 10 Version 22H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_22h2
|
Version 22H2 | |
|
Microsoft Windows Server 2008 SP2
Microsoft / Windows Server 2008 Service Pack 2
|
cpe:/o:microsoft:windows_server_2008:sp2
|
SP2 | |
|
Microsoft Windows Server 2016
Microsoft
|
cpe:/o:microsoft:windows_server_2016:-
|
— | |
|
Microsoft Windows 10 Version 20H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_20h2
|
Version 20H2 | |
|
Microsoft Windows 11 Version 22H2
Microsoft / Windows 11
|
cpe:/o:microsoft:windows_11:version_22h2
|
Version 22H2 |
Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Privilegien.
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Windows Server 2019
Microsoft
|
cpe:/o:microsoft:windows_server_2019:-
|
— | |
|
Microsoft Windows Server 2008 R2 SP1
Microsoft / Windows Server 2008 R2
|
cpe:/o:microsoft:windows_server_2008_r2:sp_1
|
SP1 | |
|
Dell NetWorker BMR <19.9.0.6
Dell / NetWorker
|
BMR <19.9.0.6 | ||
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
v2 | |
|
Microsoft Windows Server 2012
Microsoft
|
cpe:/o:microsoft:windows_server_2012:-
|
— | |
|
Microsoft Windows Server 2012 R2
Microsoft
|
cpe:/o:microsoft:windows_server_2012_r2:-
|
— | |
|
Microsoft Windows 10
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:-
|
— | |
|
Microsoft Windows 10 Version 1607
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1607
|
Version 1607 | |
|
Microsoft Windows 10 Version 1809
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1809
|
Version 1809 | |
|
Hitachi Storage Virtual Storage Platform
Hitachi / Storage
|
cpe:/h:hitachi:storage:virtual_storage_platform
|
Virtual Storage Platform | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Microsoft Windows 10 Version 21H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_21h2
|
Version 21H2 | |
|
Microsoft Windows 11 version 21H2
Microsoft / Windows 11
|
version 21H2 | ||
|
Microsoft Windows Server 2022
Microsoft
|
cpe:/o:microsoft:windows_server_2022:-
|
— | |
|
Microsoft Windows 10 Version 22H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_22h2
|
Version 22H2 | |
|
Microsoft Windows Server 2008 SP2
Microsoft / Windows Server 2008 Service Pack 2
|
cpe:/o:microsoft:windows_server_2008:sp2
|
SP2 | |
|
Microsoft Windows Server 2016
Microsoft
|
cpe:/o:microsoft:windows_server_2016:-
|
— | |
|
Microsoft Windows 10 Version 20H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_20h2
|
Version 20H2 | |
|
Microsoft Windows 11 Version 22H2
Microsoft / Windows 11
|
cpe:/o:microsoft:windows_11:version_22h2
|
Version 22H2 |
Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Privilegien.
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Windows Server 2019
Microsoft
|
cpe:/o:microsoft:windows_server_2019:-
|
— | |
|
Microsoft Windows Server 2008 R2 SP1
Microsoft / Windows Server 2008 R2
|
cpe:/o:microsoft:windows_server_2008_r2:sp_1
|
SP1 | |
|
Dell NetWorker BMR <19.9.0.6
Dell / NetWorker
|
BMR <19.9.0.6 | ||
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
v2 | |
|
Microsoft Windows Server 2012
Microsoft
|
cpe:/o:microsoft:windows_server_2012:-
|
— | |
|
Microsoft Windows Server 2012 R2
Microsoft
|
cpe:/o:microsoft:windows_server_2012_r2:-
|
— | |
|
Microsoft Windows 10
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:-
|
— | |
|
Microsoft Windows 10 Version 1607
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1607
|
Version 1607 | |
|
Microsoft Windows 10 Version 1809
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1809
|
Version 1809 | |
|
Hitachi Storage Virtual Storage Platform
Hitachi / Storage
|
cpe:/h:hitachi:storage:virtual_storage_platform
|
Virtual Storage Platform | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Microsoft Windows 10 Version 21H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_21h2
|
Version 21H2 | |
|
Microsoft Windows 11 version 21H2
Microsoft / Windows 11
|
version 21H2 | ||
|
Microsoft Windows Server 2022
Microsoft
|
cpe:/o:microsoft:windows_server_2022:-
|
— | |
|
Microsoft Windows 10 Version 22H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_22h2
|
Version 22H2 | |
|
Microsoft Windows Server 2008 SP2
Microsoft / Windows Server 2008 Service Pack 2
|
cpe:/o:microsoft:windows_server_2008:sp2
|
SP2 | |
|
Microsoft Windows Server 2016
Microsoft
|
cpe:/o:microsoft:windows_server_2016:-
|
— | |
|
Microsoft Windows 10 Version 20H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_20h2
|
Version 20H2 | |
|
Microsoft Windows 11 Version 22H2
Microsoft / Windows 11
|
cpe:/o:microsoft:windows_11:version_22h2
|
Version 22H2 |
Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Privilegien.
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Windows Server 2019
Microsoft
|
cpe:/o:microsoft:windows_server_2019:-
|
— | |
|
Microsoft Windows Server 2008 R2 SP1
Microsoft / Windows Server 2008 R2
|
cpe:/o:microsoft:windows_server_2008_r2:sp_1
|
SP1 | |
|
Dell NetWorker BMR <19.9.0.6
Dell / NetWorker
|
BMR <19.9.0.6 | ||
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
v2 | |
|
Microsoft Windows Server 2012
Microsoft
|
cpe:/o:microsoft:windows_server_2012:-
|
— | |
|
Microsoft Windows Server 2012 R2
Microsoft
|
cpe:/o:microsoft:windows_server_2012_r2:-
|
— | |
|
Microsoft Windows 10
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:-
|
— | |
|
Microsoft Windows 10 Version 1607
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1607
|
Version 1607 | |
|
Microsoft Windows 10 Version 1809
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1809
|
Version 1809 | |
|
Hitachi Storage Virtual Storage Platform
Hitachi / Storage
|
cpe:/h:hitachi:storage:virtual_storage_platform
|
Virtual Storage Platform | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Microsoft Windows 10 Version 21H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_21h2
|
Version 21H2 | |
|
Microsoft Windows 11 version 21H2
Microsoft / Windows 11
|
version 21H2 | ||
|
Microsoft Windows Server 2022
Microsoft
|
cpe:/o:microsoft:windows_server_2022:-
|
— | |
|
Microsoft Windows 10 Version 22H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_22h2
|
Version 22H2 | |
|
Microsoft Windows Server 2008 SP2
Microsoft / Windows Server 2008 Service Pack 2
|
cpe:/o:microsoft:windows_server_2008:sp2
|
SP2 | |
|
Microsoft Windows Server 2016
Microsoft
|
cpe:/o:microsoft:windows_server_2016:-
|
— | |
|
Microsoft Windows 10 Version 20H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_20h2
|
Version 20H2 | |
|
Microsoft Windows 11 Version 22H2
Microsoft / Windows 11
|
cpe:/o:microsoft:windows_11:version_22h2
|
Version 22H2 |
Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Privilegien.
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Windows Server 2019
Microsoft
|
cpe:/o:microsoft:windows_server_2019:-
|
— | |
|
Microsoft Windows Server 2008 R2 SP1
Microsoft / Windows Server 2008 R2
|
cpe:/o:microsoft:windows_server_2008_r2:sp_1
|
SP1 | |
|
Dell NetWorker BMR <19.9.0.6
Dell / NetWorker
|
BMR <19.9.0.6 | ||
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
v2 | |
|
Microsoft Windows Server 2012
Microsoft
|
cpe:/o:microsoft:windows_server_2012:-
|
— | |
|
Microsoft Windows Server 2012 R2
Microsoft
|
cpe:/o:microsoft:windows_server_2012_r2:-
|
— | |
|
Microsoft Windows 10
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:-
|
— | |
|
Microsoft Windows 10 Version 1607
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1607
|
Version 1607 | |
|
Microsoft Windows 10 Version 1809
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1809
|
Version 1809 | |
|
Hitachi Storage Virtual Storage Platform
Hitachi / Storage
|
cpe:/h:hitachi:storage:virtual_storage_platform
|
Virtual Storage Platform | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Microsoft Windows 10 Version 21H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_21h2
|
Version 21H2 | |
|
Microsoft Windows 11 version 21H2
Microsoft / Windows 11
|
version 21H2 | ||
|
Microsoft Windows Server 2022
Microsoft
|
cpe:/o:microsoft:windows_server_2022:-
|
— | |
|
Microsoft Windows 10 Version 22H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_22h2
|
Version 22H2 | |
|
Microsoft Windows Server 2008 SP2
Microsoft / Windows Server 2008 Service Pack 2
|
cpe:/o:microsoft:windows_server_2008:sp2
|
SP2 | |
|
Microsoft Windows Server 2016
Microsoft
|
cpe:/o:microsoft:windows_server_2016:-
|
— | |
|
Microsoft Windows 10 Version 20H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_20h2
|
Version 20H2 | |
|
Microsoft Windows 11 Version 22H2
Microsoft / Windows 11
|
cpe:/o:microsoft:windows_11:version_22h2
|
Version 22H2 |
Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Privilegien.
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Windows Server 2019
Microsoft
|
cpe:/o:microsoft:windows_server_2019:-
|
— | |
|
Microsoft Windows Server 2008 R2 SP1
Microsoft / Windows Server 2008 R2
|
cpe:/o:microsoft:windows_server_2008_r2:sp_1
|
SP1 | |
|
Dell NetWorker BMR <19.9.0.6
Dell / NetWorker
|
BMR <19.9.0.6 | ||
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
v2 | |
|
Microsoft Windows Server 2012
Microsoft
|
cpe:/o:microsoft:windows_server_2012:-
|
— | |
|
Microsoft Windows Server 2012 R2
Microsoft
|
cpe:/o:microsoft:windows_server_2012_r2:-
|
— | |
|
Microsoft Windows 10
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:-
|
— | |
|
Microsoft Windows 10 Version 1607
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1607
|
Version 1607 | |
|
Microsoft Windows 10 Version 1809
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1809
|
Version 1809 | |
|
Hitachi Storage Virtual Storage Platform
Hitachi / Storage
|
cpe:/h:hitachi:storage:virtual_storage_platform
|
Virtual Storage Platform | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Microsoft Windows 10 Version 21H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_21h2
|
Version 21H2 | |
|
Microsoft Windows 11 version 21H2
Microsoft / Windows 11
|
version 21H2 | ||
|
Microsoft Windows Server 2022
Microsoft
|
cpe:/o:microsoft:windows_server_2022:-
|
— | |
|
Microsoft Windows 10 Version 22H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_22h2
|
Version 22H2 | |
|
Microsoft Windows Server 2008 SP2
Microsoft / Windows Server 2008 Service Pack 2
|
cpe:/o:microsoft:windows_server_2008:sp2
|
SP2 | |
|
Microsoft Windows Server 2016
Microsoft
|
cpe:/o:microsoft:windows_server_2016:-
|
— | |
|
Microsoft Windows 10 Version 20H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_20h2
|
Version 20H2 | |
|
Microsoft Windows 11 Version 22H2
Microsoft / Windows 11
|
cpe:/o:microsoft:windows_11:version_22h2
|
Version 22H2 |
Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Privilegien.
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Windows Server 2019
Microsoft
|
cpe:/o:microsoft:windows_server_2019:-
|
— | |
|
Microsoft Windows Server 2008 R2 SP1
Microsoft / Windows Server 2008 R2
|
cpe:/o:microsoft:windows_server_2008_r2:sp_1
|
SP1 | |
|
Dell NetWorker BMR <19.9.0.6
Dell / NetWorker
|
BMR <19.9.0.6 | ||
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
v2 | |
|
Microsoft Windows Server 2012
Microsoft
|
cpe:/o:microsoft:windows_server_2012:-
|
— | |
|
Microsoft Windows Server 2012 R2
Microsoft
|
cpe:/o:microsoft:windows_server_2012_r2:-
|
— | |
|
Microsoft Windows 10
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:-
|
— | |
|
Microsoft Windows 10 Version 1607
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1607
|
Version 1607 | |
|
Microsoft Windows 10 Version 1809
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1809
|
Version 1809 | |
|
Hitachi Storage Virtual Storage Platform
Hitachi / Storage
|
cpe:/h:hitachi:storage:virtual_storage_platform
|
Virtual Storage Platform | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Microsoft Windows 10 Version 21H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_21h2
|
Version 21H2 | |
|
Microsoft Windows 11 version 21H2
Microsoft / Windows 11
|
version 21H2 | ||
|
Microsoft Windows Server 2022
Microsoft
|
cpe:/o:microsoft:windows_server_2022:-
|
— | |
|
Microsoft Windows 10 Version 22H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_22h2
|
Version 22H2 | |
|
Microsoft Windows Server 2008 SP2
Microsoft / Windows Server 2008 Service Pack 2
|
cpe:/o:microsoft:windows_server_2008:sp2
|
SP2 | |
|
Microsoft Windows Server 2016
Microsoft
|
cpe:/o:microsoft:windows_server_2016:-
|
— | |
|
Microsoft Windows 10 Version 20H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_20h2
|
Version 20H2 | |
|
Microsoft Windows 11 Version 22H2
Microsoft / Windows 11
|
cpe:/o:microsoft:windows_11:version_22h2
|
Version 22H2 |
Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Privilegien.
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Windows Server 2019
Microsoft
|
cpe:/o:microsoft:windows_server_2019:-
|
— | |
|
Microsoft Windows Server 2008 R2 SP1
Microsoft / Windows Server 2008 R2
|
cpe:/o:microsoft:windows_server_2008_r2:sp_1
|
SP1 | |
|
Dell NetWorker BMR <19.9.0.6
Dell / NetWorker
|
BMR <19.9.0.6 | ||
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
v2 | |
|
Microsoft Windows Server 2012
Microsoft
|
cpe:/o:microsoft:windows_server_2012:-
|
— | |
|
Microsoft Windows Server 2012 R2
Microsoft
|
cpe:/o:microsoft:windows_server_2012_r2:-
|
— | |
|
Microsoft Windows 10
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:-
|
— | |
|
Microsoft Windows 10 Version 1607
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1607
|
Version 1607 | |
|
Microsoft Windows 10 Version 1809
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1809
|
Version 1809 | |
|
Hitachi Storage Virtual Storage Platform
Hitachi / Storage
|
cpe:/h:hitachi:storage:virtual_storage_platform
|
Virtual Storage Platform | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Microsoft Windows 10 Version 21H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_21h2
|
Version 21H2 | |
|
Microsoft Windows 11 version 21H2
Microsoft / Windows 11
|
version 21H2 | ||
|
Microsoft Windows Server 2022
Microsoft
|
cpe:/o:microsoft:windows_server_2022:-
|
— | |
|
Microsoft Windows 10 Version 22H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_22h2
|
Version 22H2 | |
|
Microsoft Windows Server 2008 SP2
Microsoft / Windows Server 2008 Service Pack 2
|
cpe:/o:microsoft:windows_server_2008:sp2
|
SP2 | |
|
Microsoft Windows Server 2016
Microsoft
|
cpe:/o:microsoft:windows_server_2016:-
|
— | |
|
Microsoft Windows 10 Version 20H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_20h2
|
Version 20H2 | |
|
Microsoft Windows 11 Version 22H2
Microsoft / Windows 11
|
cpe:/o:microsoft:windows_11:version_22h2
|
Version 22H2 |
Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Privilegien.
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Windows Server 2019
Microsoft
|
cpe:/o:microsoft:windows_server_2019:-
|
— | |
|
Microsoft Windows Server 2008 R2 SP1
Microsoft / Windows Server 2008 R2
|
cpe:/o:microsoft:windows_server_2008_r2:sp_1
|
SP1 | |
|
Dell NetWorker BMR <19.9.0.6
Dell / NetWorker
|
BMR <19.9.0.6 | ||
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
v2 | |
|
Microsoft Windows Server 2012
Microsoft
|
cpe:/o:microsoft:windows_server_2012:-
|
— | |
|
Microsoft Windows Server 2012 R2
Microsoft
|
cpe:/o:microsoft:windows_server_2012_r2:-
|
— | |
|
Microsoft Windows 10
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:-
|
— | |
|
Microsoft Windows 10 Version 1607
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1607
|
Version 1607 | |
|
Microsoft Windows 10 Version 1809
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_1809
|
Version 1809 | |
|
Hitachi Storage Virtual Storage Platform
Hitachi / Storage
|
cpe:/h:hitachi:storage:virtual_storage_platform
|
Virtual Storage Platform | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Microsoft Windows 10 Version 21H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_21h2
|
Version 21H2 | |
|
Microsoft Windows 11 version 21H2
Microsoft / Windows 11
|
version 21H2 | ||
|
Microsoft Windows Server 2022
Microsoft
|
cpe:/o:microsoft:windows_server_2022:-
|
— | |
|
Microsoft Windows 10 Version 22H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_22h2
|
Version 22H2 | |
|
Microsoft Windows Server 2008 SP2
Microsoft / Windows Server 2008 Service Pack 2
|
cpe:/o:microsoft:windows_server_2008:sp2
|
SP2 | |
|
Microsoft Windows Server 2016
Microsoft
|
cpe:/o:microsoft:windows_server_2016:-
|
— | |
|
Microsoft Windows 10 Version 20H2
Microsoft / Windows 10
|
cpe:/o:microsoft:windows_10:version_20h2
|
Version 20H2 | |
|
Microsoft Windows 11 Version 22H2
Microsoft / Windows 11
|
cpe:/o:microsoft:windows_11:version_22h2
|
Version 22H2 |
References
8 references
| URL | Category |
|---|---|
| https://wid.cert-bund.de/.well-known/csaf/white/2… | self |
| https://wid.cert-bund.de/portal/wid/securityadvis… | self |
| https://msrc.microsoft.com/update-guide | external |
| https://kb.igel.com/securitysafety/en/isn-2023-06… | external |
| https://securitydocs.business.xerox.com/wp-conten… | external |
| https://www.hitachi.com/products/it/storage-solut… | external |
| https://www.dell.com/support/kbdoc/de-de/00022479… | external |
| https://www.dell.com/support/kbdoc/000224798/dsa-2024-= | external |
{
"document": {
"aggregate_severity": {
"text": "kritisch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Windows ist ein Betriebssystem von Microsoft.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern",
"title": "Angriff"
},
{
"category": "general",
"text": "- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1178 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1178.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1178 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1178"
},
{
"category": "external",
"summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates vom 2023-05-09",
"url": "https://msrc.microsoft.com/update-guide"
},
{
"category": "external",
"summary": "IGEL Security Notice ISN-2023-06 vom 2023-05-12",
"url": "https://kb.igel.com/securitysafety/en/isn-2023-06-uefi-secure-boot-malware-and-igel-os-88016851.html"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX23-010 vom 2023-06-21",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2023/06/Xerox-Security-Bulletin-XRX23-010-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v2_Windows%C2%AE-10.pdf"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2023-305 vom 2023-09-26",
"url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2023/05.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-207 vom 2024-05-06",
"url": "https://www.dell.com/support/kbdoc/de-de/000224798/dsa-2024-207-security-update-for-dell-networker-for-bmr-iso-vulnerability"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-207 vom 2024-05-07",
"url": "https://www.dell.com/support/kbdoc/000224798/dsa-2024-="
}
],
"source_lang": "en-US",
"title": "Microsoft Windows und Microsoft Windows Server: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-05-06T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:50:38.298+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1178",
"initial_release_date": "2023-05-09T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-05-09T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-05-14T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IGEL aufgenommen"
},
{
"date": "2023-06-20T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2023-09-25T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2024-05-06T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Dell aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "BMR \u003c19.9.0.6",
"product": {
"name": "Dell NetWorker BMR \u003c19.9.0.6",
"product_id": "T034566"
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Virtual Storage Platform",
"product": {
"name": "Hitachi Storage Virtual Storage Platform",
"product_id": "T020487",
"product_identification_helper": {
"cpe": "cpe:/h:hitachi:storage:virtual_storage_platform"
}
}
}
],
"category": "product_name",
"name": "Storage"
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"category": "product_name",
"name": "IGEL OS",
"product": {
"name": "IGEL OS",
"product_id": "T017865",
"product_identification_helper": {
"cpe": "cpe:/o:igel:os:-"
}
}
}
],
"category": "vendor",
"name": "IGEL"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Microsoft Windows 10",
"product": {
"name": "Microsoft Windows 10",
"product_id": "T005617",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:windows_10:-"
}
}
},
{
"category": "product_version",
"name": "Version 1607",
"product": {
"name": "Microsoft Windows 10 Version 1607",
"product_id": "T011520",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:windows_10:version_1607"
}
}
},
{
"category": "product_version",
"name": "Version 1809",
"product": {
"name": "Microsoft Windows 10 Version 1809",
"product_id": "T019780",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:windows_10:version_1809"
}
}
},
{
"category": "product_version",
"name": "Version 20H2",
"product": {
"name": "Microsoft Windows 10 Version 20H2",
"product_id": "T020373",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:windows_10:version_20h2"
}
}
},
{
"category": "product_version",
"name": "Version 21H2",
"product": {
"name": "Microsoft Windows 10 Version 21H2",
"product_id": "T021306",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:windows_10:version_21h2"
}
}
},
{
"category": "product_version",
"name": "Version 22H2",
"product": {
"name": "Microsoft Windows 10 Version 22H2",
"product_id": "T025256",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:windows_10:version_22h2"
}
}
}
],
"category": "product_name",
"name": "Windows 10"
},
{
"branches": [
{
"category": "product_version",
"name": "Version 22H2",
"product": {
"name": "Microsoft Windows 11 Version 22H2",
"product_id": "T024880",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:windows_11:version_22h2"
}
}
},
{
"category": "product_version_range",
"name": "version 21H2",
"product": {
"name": "Microsoft Windows 11 version 21H2",
"product_id": "T025777"
}
}
],
"category": "product_name",
"name": "Windows 11"
},
{
"branches": [
{
"category": "product_version",
"name": "SP1",
"product": {
"name": "Microsoft Windows Server 2008 R2 SP1",
"product_id": "T013769",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:windows_server_2008_r2:sp_1"
}
}
}
],
"category": "product_name",
"name": "Windows Server 2008 R2"
},
{
"branches": [
{
"category": "product_version",
"name": "SP2",
"product": {
"name": "Microsoft Windows Server 2008 SP2",
"product_id": "1064169",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:windows_server_2008:sp2"
}
}
}
],
"category": "product_name",
"name": "Windows Server 2008 Service Pack 2"
},
{
"category": "product_name",
"name": "Microsoft Windows Server 2012",
"product": {
"name": "Microsoft Windows Server 2012",
"product_id": "T005923",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:windows_server_2012:-"
}
}
},
{
"category": "product_name",
"name": "Microsoft Windows Server 2012 R2",
"product": {
"name": "Microsoft Windows Server 2012 R2",
"product_id": "T014786",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:windows_server_2012_r2:-"
}
}
},
{
"category": "product_name",
"name": "Microsoft Windows Server 2016",
"product": {
"name": "Microsoft Windows Server 2016",
"product_id": "T008880",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:windows_server_2016:-"
}
}
},
{
"category": "product_name",
"name": "Microsoft Windows Server 2019",
"product": {
"name": "Microsoft Windows Server 2019",
"product_id": "T012979",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:windows_server_2019:-"
}
}
},
{
"category": "product_name",
"name": "Microsoft Windows Server 2022",
"product": {
"name": "Microsoft Windows Server 2022",
"product_id": "T020315",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:windows_server_2022:-"
}
}
}
],
"category": "vendor",
"name": "Microsoft"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "v2",
"product": {
"name": "Xerox FreeFlow Print Server v2",
"product_id": "T014888",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v2"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-24898",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien."
}
],
"product_status": {
"known_affected": [
"T012979",
"T013769",
"T034566",
"T014888",
"T005923",
"T014786",
"T005617",
"T011520",
"T019780",
"T020487",
"T017865",
"T021306",
"T025777",
"T020315",
"T025256",
"1064169",
"T008880",
"T020373",
"T024880"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-24898"
},
{
"cve": "CVE-2023-24899",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien."
}
],
"product_status": {
"known_affected": [
"T012979",
"T013769",
"T034566",
"T014888",
"T005923",
"T014786",
"T005617",
"T011520",
"T019780",
"T020487",
"T017865",
"T021306",
"T025777",
"T020315",
"T025256",
"1064169",
"T008880",
"T020373",
"T024880"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-24899"
},
{
"cve": "CVE-2023-24900",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien."
}
],
"product_status": {
"known_affected": [
"T012979",
"T013769",
"T034566",
"T014888",
"T005923",
"T014786",
"T005617",
"T011520",
"T019780",
"T020487",
"T017865",
"T021306",
"T025777",
"T020315",
"T025256",
"1064169",
"T008880",
"T020373",
"T024880"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-24900"
},
{
"cve": "CVE-2023-24901",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien."
}
],
"product_status": {
"known_affected": [
"T012979",
"T013769",
"T034566",
"T014888",
"T005923",
"T014786",
"T005617",
"T011520",
"T019780",
"T020487",
"T017865",
"T021306",
"T025777",
"T020315",
"T025256",
"1064169",
"T008880",
"T020373",
"T024880"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-24901"
},
{
"cve": "CVE-2023-24902",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien."
}
],
"product_status": {
"known_affected": [
"T012979",
"T013769",
"T034566",
"T014888",
"T005923",
"T014786",
"T005617",
"T011520",
"T019780",
"T020487",
"T017865",
"T021306",
"T025777",
"T020315",
"T025256",
"1064169",
"T008880",
"T020373",
"T024880"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-24902"
},
{
"cve": "CVE-2023-24903",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien."
}
],
"product_status": {
"known_affected": [
"T012979",
"T013769",
"T034566",
"T014888",
"T005923",
"T014786",
"T005617",
"T011520",
"T019780",
"T020487",
"T017865",
"T021306",
"T025777",
"T020315",
"T025256",
"1064169",
"T008880",
"T020373",
"T024880"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-24903"
},
{
"cve": "CVE-2023-24904",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien."
}
],
"product_status": {
"known_affected": [
"T012979",
"T013769",
"T034566",
"T014888",
"T005923",
"T014786",
"T005617",
"T011520",
"T019780",
"T020487",
"T017865",
"T021306",
"T025777",
"T020315",
"T025256",
"1064169",
"T008880",
"T020373",
"T024880"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-24904"
},
{
"cve": "CVE-2023-24905",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien."
}
],
"product_status": {
"known_affected": [
"T012979",
"T013769",
"T034566",
"T014888",
"T005923",
"T014786",
"T005617",
"T011520",
"T019780",
"T020487",
"T017865",
"T021306",
"T025777",
"T020315",
"T025256",
"1064169",
"T008880",
"T020373",
"T024880"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-24905"
},
{
"cve": "CVE-2023-24932",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien."
}
],
"product_status": {
"known_affected": [
"T012979",
"T013769",
"T034566",
"T014888",
"T005923",
"T014786",
"T005617",
"T011520",
"T019780",
"T020487",
"T017865",
"T021306",
"T025777",
"T020315",
"T025256",
"1064169",
"T008880",
"T020373",
"T024880"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-24932"
},
{
"cve": "CVE-2023-24939",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien."
}
],
"product_status": {
"known_affected": [
"T012979",
"T013769",
"T034566",
"T014888",
"T005923",
"T014786",
"T005617",
"T011520",
"T019780",
"T020487",
"T017865",
"T021306",
"T025777",
"T020315",
"T025256",
"1064169",
"T008880",
"T020373",
"T024880"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-24939"
},
{
"cve": "CVE-2023-24940",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien."
}
],
"product_status": {
"known_affected": [
"T012979",
"T013769",
"T034566",
"T014888",
"T005923",
"T014786",
"T005617",
"T011520",
"T019780",
"T020487",
"T017865",
"T021306",
"T025777",
"T020315",
"T025256",
"1064169",
"T008880",
"T020373",
"T024880"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-24940"
},
{
"cve": "CVE-2023-24941",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien."
}
],
"product_status": {
"known_affected": [
"T012979",
"T013769",
"T034566",
"T014888",
"T005923",
"T014786",
"T005617",
"T011520",
"T019780",
"T020487",
"T017865",
"T021306",
"T025777",
"T020315",
"T025256",
"1064169",
"T008880",
"T020373",
"T024880"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-24941"
},
{
"cve": "CVE-2023-24942",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien."
}
],
"product_status": {
"known_affected": [
"T012979",
"T013769",
"T034566",
"T014888",
"T005923",
"T014786",
"T005617",
"T011520",
"T019780",
"T020487",
"T017865",
"T021306",
"T025777",
"T020315",
"T025256",
"1064169",
"T008880",
"T020373",
"T024880"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-24942"
},
{
"cve": "CVE-2023-24943",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien."
}
],
"product_status": {
"known_affected": [
"T012979",
"T013769",
"T034566",
"T014888",
"T005923",
"T014786",
"T005617",
"T011520",
"T019780",
"T020487",
"T017865",
"T021306",
"T025777",
"T020315",
"T025256",
"1064169",
"T008880",
"T020373",
"T024880"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-24943"
},
{
"cve": "CVE-2023-24944",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien."
}
],
"product_status": {
"known_affected": [
"T012979",
"T013769",
"T034566",
"T014888",
"T005923",
"T014786",
"T005617",
"T011520",
"T019780",
"T020487",
"T017865",
"T021306",
"T025777",
"T020315",
"T025256",
"1064169",
"T008880",
"T020373",
"T024880"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-24944"
},
{
"cve": "CVE-2023-24945",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien."
}
],
"product_status": {
"known_affected": [
"T012979",
"T013769",
"T034566",
"T014888",
"T005923",
"T014786",
"T005617",
"T011520",
"T019780",
"T020487",
"T017865",
"T021306",
"T025777",
"T020315",
"T025256",
"1064169",
"T008880",
"T020373",
"T024880"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-24945"
},
{
"cve": "CVE-2023-24946",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien."
}
],
"product_status": {
"known_affected": [
"T012979",
"T013769",
"T034566",
"T014888",
"T005923",
"T014786",
"T005617",
"T011520",
"T019780",
"T020487",
"T017865",
"T021306",
"T025777",
"T020315",
"T025256",
"1064169",
"T008880",
"T020373",
"T024880"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-24946"
},
{
"cve": "CVE-2023-24947",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien."
}
],
"product_status": {
"known_affected": [
"T012979",
"T013769",
"T034566",
"T014888",
"T005923",
"T014786",
"T005617",
"T011520",
"T019780",
"T020487",
"T017865",
"T021306",
"T025777",
"T020315",
"T025256",
"1064169",
"T008880",
"T020373",
"T024880"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-24947"
},
{
"cve": "CVE-2023-24948",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien."
}
],
"product_status": {
"known_affected": [
"T012979",
"T013769",
"T034566",
"T014888",
"T005923",
"T014786",
"T005617",
"T011520",
"T019780",
"T020487",
"T017865",
"T021306",
"T025777",
"T020315",
"T025256",
"1064169",
"T008880",
"T020373",
"T024880"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-24948"
},
{
"cve": "CVE-2023-24949",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien."
}
],
"product_status": {
"known_affected": [
"T012979",
"T013769",
"T034566",
"T014888",
"T005923",
"T014786",
"T005617",
"T011520",
"T019780",
"T020487",
"T017865",
"T021306",
"T025777",
"T020315",
"T025256",
"1064169",
"T008880",
"T020373",
"T024880"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-24949"
},
{
"cve": "CVE-2023-28251",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien."
}
],
"product_status": {
"known_affected": [
"T012979",
"T013769",
"T034566",
"T014888",
"T005923",
"T014786",
"T005617",
"T011520",
"T019780",
"T020487",
"T017865",
"T021306",
"T025777",
"T020315",
"T025256",
"1064169",
"T008880",
"T020373",
"T024880"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-28251"
},
{
"cve": "CVE-2023-28283",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien."
}
],
"product_status": {
"known_affected": [
"T012979",
"T013769",
"T034566",
"T014888",
"T005923",
"T014786",
"T005617",
"T011520",
"T019780",
"T020487",
"T017865",
"T021306",
"T025777",
"T020315",
"T025256",
"1064169",
"T008880",
"T020373",
"T024880"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-28283"
},
{
"cve": "CVE-2023-28290",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien."
}
],
"product_status": {
"known_affected": [
"T012979",
"T013769",
"T034566",
"T014888",
"T005923",
"T014786",
"T005617",
"T011520",
"T019780",
"T020487",
"T017865",
"T021306",
"T025777",
"T020315",
"T025256",
"1064169",
"T008880",
"T020373",
"T024880"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-28290"
},
{
"cve": "CVE-2023-29324",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien."
}
],
"product_status": {
"known_affected": [
"T012979",
"T013769",
"T034566",
"T014888",
"T005923",
"T014786",
"T005617",
"T011520",
"T019780",
"T020487",
"T017865",
"T021306",
"T025777",
"T020315",
"T025256",
"1064169",
"T008880",
"T020373",
"T024880"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-29324"
},
{
"cve": "CVE-2023-29325",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien."
}
],
"product_status": {
"known_affected": [
"T012979",
"T013769",
"T034566",
"T014888",
"T005923",
"T014786",
"T005617",
"T011520",
"T019780",
"T020487",
"T017865",
"T021306",
"T025777",
"T020315",
"T025256",
"1064169",
"T008880",
"T020373",
"T024880"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-29325"
},
{
"cve": "CVE-2023-29336",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien."
}
],
"product_status": {
"known_affected": [
"T012979",
"T013769",
"T034566",
"T014888",
"T005923",
"T014786",
"T005617",
"T011520",
"T019780",
"T020487",
"T017865",
"T021306",
"T025777",
"T020315",
"T025256",
"1064169",
"T008880",
"T020373",
"T024880"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-29336"
},
{
"cve": "CVE-2023-29340",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien."
}
],
"product_status": {
"known_affected": [
"T012979",
"T013769",
"T034566",
"T014888",
"T005923",
"T014786",
"T005617",
"T011520",
"T019780",
"T020487",
"T017865",
"T021306",
"T025777",
"T020315",
"T025256",
"1064169",
"T008880",
"T020373",
"T024880"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-29340"
},
{
"cve": "CVE-2023-29341",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien."
}
],
"product_status": {
"known_affected": [
"T012979",
"T013769",
"T034566",
"T014888",
"T005923",
"T014786",
"T005617",
"T011520",
"T019780",
"T020487",
"T017865",
"T021306",
"T025777",
"T020315",
"T025256",
"1064169",
"T008880",
"T020373",
"T024880"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-29341"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…